Operation Manual – AAA-RADIUS-HWTACACS-EAD
H3C S3600 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS
Configuration
1-22
1.3.7 Cutting Down User Connections Forcibly
Table 1-11 Cut down user connections forcibly
Operation Command Description
Enter system view
system-view
—
Cut down user
connections
forcibly
cut connection { all | access-type { dot1x
| mac-authentication } | domain isp-name
| interface interface-type interface-number
| ip ip-address | mac mac-address |
radius-scheme radius-scheme-name |
vlan vlan-id | ucibindex ucib-index |
user-name user-name }
Required
Note:
You can use the display connection command to view the connections of Telnet
users, but you cannot use the cut connection command to cut down their connections.
1.4 RADIUS Configuration
The RADIUS protocol configuration is performed on a RADIUS scheme basis. In an
actual network environment, you can either use a single RADIUS server or two
RADIUS servers (primary and secondary servers with the same configuration but
different IP addresses) in a RADIUS scheme. After creating a new RADIUS scheme,
you should configure the IP address and UDP port number of each RADIUS server you
want to use in this scheme. These RADIUS servers fall into two types:
authentication/authorization, and accounting. And for each type of server, you can
configure two servers in a RADIUS scheme: primary server and secondary server. A
RADIUS scheme has some parameters such as IP addresses of the primary and
secondary servers, shared keys, and types of the RADIUS servers.
In an actual network environment, you can configure the above parameters as required.
But you should configure at least one authentication/authorization server and one
accounting server, and you should keep the RADIUS server port settings on the switch
consistent with those on the RADIUS servers.
To Next Page
Loading...
Need help?
General