43
To do… Use the command… Remarks
Specify the accounting method for
portal users
accounting portal { local | none |
radius-scheme radius-scheme-name
[ local ] }
Optional
The default accounting method
is used by default.
NOTE:
• With the accounting optional command configured, a user that would be otherwise disconnected can
still use the network resources even when no accounting server is available or communication with the
current accounting server fails.
• The local accounting method is not used to implement accounting, but to work together with the
access-limit command, which is configured in local user view, to limit the number of local user
connections. However, with the accounting optional command configured, the limit on the number of
local user connections is not effective.
• The accounting method specified with the accounting default command is for all types of users and has
a priority lower than that for a specific access mode.
• With the radius-scheme
radius-scheme-name
local or hwtacacs-scheme
hwtacacs-scheme-name
local
keyword and argument combination configured, local accounting is the backup method and is used
only when the remote server is not available.
• If you specify only the local or none keyword in an accounting method configuration command, the
device has no backup accounting method and performs only local accounting or does not perform an
accounting.
• Accounting is not supported for FTP services.
Tearing down user connections forcibly
Follow these steps to tear down user connections forcibly:
To do… Use the command… Remarks
Enter system view system-view —
Tear down AAA user connections
forcibly
cut connection { access-type { dot1x |
mac-authentication | portal } | all | domain
isp-name | interface interface-type
interface-number | ip ip-address | mac
mac-address | ucibindex ucib-index | user-name
user-name | vlan vlan-id } [ slot slot-number ]
Required
Applicable to only
LAN access, and
portal user
connections.
Configuring a NAS ID-VLAN binding
The access locations of users can be identified by their access VLANs. In application scenarios where
identifying the access locations of users is a must, configure NAS ID-VLAN bindings on the switch. Then,
when a user gets online, the switch obtains the NAS ID by the access VLAN of the user and sends the
NAS ID to the RADIUS server through the NAS-identifier attribute.
Follow these steps to configure a NAS ID-VLAN binding:
To Next Page
Loading...
