z

z

z

z

z

z

The following characters are not allowed in the user-namestring: /:*?<>. And you cannot input more than one “@” in the string.

After the local-user password-display-mode cipher-force command is executed, any password will be displayed in cipher mode even though you specify to display a user password in plain text by using the password command.

If a user name and password is required for user authentication (RADIUS authentication as well as local authentication), the command level that a user can access after login is determined by the privilege level of the user. For SSH users using RSA shared key for authentication, the commands they can access are determined by the levels set on their user interfaces.

If the configured authentication method is none or password authentication, the command level that a user can access after login is determined by the level of the user interface.

If the clients connected to a port have different authorization VLANs, only the first client passing the MAC address authentication can be assigned with an authorization VLAN. The device will not assign authorization VLANs for subsequent users passing MAC address authentication. In this case, you are recommended to connect only one MAC address authentication user or multiple users with the same authorization VLAN to a port.

For local RADIUS authentication or local authentication to take effect, the VLAN assignment mode must be set to string after you specify authorization VLANs for local users.

Cutting Down User Connections Forcibly

Follow these steps to cut down user connections forcibly

 

To do…

Use the command…

Remarks

 

 

Enter system view

system-view

 

 

 

 

 

 

 

 

cut connection { all access-type { dot1x

 

 

 

 

mac-authentication } domain isp-name

 

 

 

Cut down user

interface interface-type interface-number ip

 

 

 

ip-address mac mac-address

Required

 

 

connections forcibly

 

 

radius-schemeradius-scheme-name vlan

 

 

 

 

 

 

 

 

vlan-id ucibindex ucib-index user-name

 

 

 

 

user-name }

 

 

 

 

 

 

 

You can use the display connection command to view the connections of Telnet users, but you cannot use the cut connection command to cut down their connections.

RADIUS Configuration Task List

The device can function not only as RADIUS clients but also as local RADIUS servers.

2-8

Page 267
Image 267
3Com WX3000 operation manual Radius Configuration Task List, Cutting Down User Connections Forcibly, Cut down user