2-10
z The following characters are not allowed in the user-name string: /:*?<>. And you cannot input
more than one “@” in the string.
z After the local-user password-display-mode cipher-force command is executed, any password
will be displayed in cipher mode even though you specify to display a user password in plain text by
using the password command.
z If a user name and password is required for user authentication (RADIUS authentication as well as
local authentication), the command level that a user can access after login is determined by the
privilege level of the user. For SSH users using RSA shared key for authentication, the commands
they can access are determined by the levels set on their user interfaces.
z If the configured authentication method is none or password authentication, the command level
that a user can access after login is determined by the level of the user interface.
z If the clients connected to a port have different authorization VLANs, only the first client passing the
MAC address authentication can be assigned with an authorization VLAN. The switch will not
assign authorization VLANs for subsequent users passing MAC address authentication. In this
case, you are recommended to connect only one MAC address authentication user or multiple
users with the same authorization VLAN to a port.
z For local RADIUS authentication to take effect, the VLAN assignment mode must be set to string
after you specify authorization VLANs for local users.
Cutting Down User Connections Forcibly
Table 2-8 Cut down user connections forcibly
Operation Command Remarks
Enter system view
system-view
—
Cut down user
connections forcibly
cut connection { all | access-type { dot1x |
mac-authentication } | domain isp-name |
interface interface-type interface-number | ip
ip-address | ipv6
ipv6-address | mac
mac-address | radius-scheme
radius-scheme-name | vlan vlan-id | ucibindex
ucib-index | user-name user-name }
Required
You can use the display connection command to view the connections of Telnet users, but you cannot
use the cut connection command to cut down their connections.
RADIUS Configuration Task List
3Com’s Ethernet switches can function not only as RADIUS clients but also as local RADIUS servers.
To Next Page
Loading...