Cutting Down User Connections Forcibly - H3C S5100-SI Series Operation Manual
Hide thumbs
Also See for S5100-SI Series:
- Operation manual (830 pages) ,
- Installation manual (104 pages) ,
- Quick start manual (78 pages)
Table of Contents
Advertisement
Operation Manual – AAA
H3C S5100-SI/EI Series Ethernet Switches
Caution:
The following characters are not allowed in the user-name string: /:*?<>. And you
cannot input more than one "@" in the string.
After the local-user password-display-mode cipher-force command is executed,
any password will be displayed in cipher mode even though you specify to display a
user password in plain text by using the password command.
If a username and password is required for user authentication (RADIUS
authentication as well as local authentication), the command level that a user can
access after login is determined by the privilege level of the user. For SSH users
using RSA shared key for authentication, the commands they can access are
determined by the levels set on their user interfaces.
If the configured authentication method is none or password authentication, the
command level that a user can access after login is determined by the level of the
user interface.
If the clients connected to a port have different authorized VLANs, only the first
client passing the MAC address authentication can be assigned with an authorized
VLAN. The switch will not assign authorized VLANs for subsequent users passing
MAC address authentication. In this case, you are recommended to connect only
one MAC address authentication user or multiple users with the same authorized
VLAN to a port.
For local RADIUS authentication to take effect, the VLAN assignment mode must
be set to string after you specify authorized VLANs for local users.
2.1.5 Cutting Down User Connections Forcibly
Follow these steps to cut down user connections forcibly:
To do...
Enter system view
Cut down user
connections forcibly
Use the command...
system-view
cut connection { all | access-type { dot1x
| mac-authentication } | domain isp-name
| interface interface-type interface-number
| ip ip-address | mac mac-address |
radius-scheme radius-scheme-name |
vlan vlan-id | ucibindex ucib-index |
user-name user-name }
2-10
Chapter 2 AAA Configuration
Remarks
—
Required
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
