Tearing Down User Connections Forcibly - H3C S7500E Series Operation Manual

Operation Manual – AAA RADIUS HWTACACS
H3C S7500E Series Ethernet Switches
Note:
With the local-user password-display-mode cipher-force command configured,
a local user password is always displayed in cipher text, regardless of the
configuration of the password command. In this case, if you use the save
command to save the configuration, all existing local user passwords will still be
displayed in cipher text after the device restarts, even if you restore the display
mode to auto.
Local authentication checks the service types of a local user. If the service types are
not available, the user cannot pass authentication. During authorization, a user with
no service type configured is authorized with no service by default.
If you specify an authentication method that requires the username and password,
including
authentication, the level of the commands that a user can use after logging in
depends on the priority of the user, or the priority of user interface level as with other
authentication methods. For an SSH user using RSA public key authentication, the
commands that can be used depend on the level configured on the user interface.
For details regarding authentication method and command level, refer to Login
Configuration and System Maintaining and Debugging Configuration respectively.
Both the service-type and level commands can be used to specify user priority.
The one used later has the final effect.
The attribute access-limit command for local users is effective only after local
accounting scheme is configured.
The attribute ip command only applies to authentications that support IP address
passing, such as 802.1x. If you configure the command to authentications that do
not support IP address passing, such as MAC address authentication, the local
authentication will fail.
The attribute port command binds a port by its number only, regardless of the port
type.
The idle-cut command configured under ISP domain view applies to lan-access
users only.

1.3.8 Tearing down User Connections Forcibly

Follow these steps to tear down user connections forcibly:
local authentication,
1-22
Chapter 1 AAA/RADIUS/HWTACACS
RADIUS authentication
Configuration
and HWTACACS