220CHAPTER 9: AAA AND RADIUS OPERATION

Table 233 Set/Remove the Attributes Concerned with a Specified User

Operation

Command

 

 

Remove the password set for the specified

undo password

user

 

Set the state of the specified user

state { active block }

Disable the state of the specified user

undo state { active block }

Set a service type for the specified user

service-type { ftp [

 

ftp-directory directory ]

 

lan-access [ level level

 

telnet [ level level ] ] telnet

 

[ level level [ level level ] ] }

Cancel the service type of the specified user

Configure the attributes of lan-access users

Remove the attributes defined for the lan-access users

undo service-type { telnet [ level [ level ] ] ftp [ftp-directory] lan-access [ level telnet [ level ] ] }

attribute { ip ip-address mac mac-address idle-cut second access-limit max-user-number vlan vlanid location { nas-ip ip-addressport portnum port portnum }*

undo attribute { ip mac idle-cut access-limit vlan location

}

Disconnecting a User by Force

Sometimes it is necessary to disconnect a user or a category of users by force. The system provides the following command to serve this purpose.

Perform the following configurations in system view.

Table 234 Disconnect a User by Force

Operation

Command

 

 

Disconnect a user by force

cut connection { all

 

access-type { dot1x gcm }

 

domain domain-name interface

 

portnum ip ip-address mac

 

mac-address radius-scheme

 

radius-scheme-name vlan vlanid

 

ucibindex ucib-index

 

user-nameuser-name }

 

 

By default, no online user will be disconnected by force.

Configuring the

On the Switch 7750, the RADIUS protocol is configured per RADIUS server group

RADIUS Protocol

basis. In a real networking environment, a RADIUS server group can be an

 

independent RADIUS server or a set of primary/secondary RADIUS servers with the

 

same configuration but two different IP addresses. Attributes of every RADIUS

 

server group include IP addresses of primary and secondary servers, shared key and

 

RADIUS server type, etc.

 

RADIUS protocol configuration only defines some necessary parameters using

 

information for interaction between NAS and RADIUS Server. To make these

 

parameters effective, it is necessary to configure, in the view, an ISP domain to use

Page 220
Image 220
3Com 10014298 Radius Protocol, Disconnecting a User by Force, By default, no online user will be disconnected by force