Operation Manual - Security
Quidway S3000-EI Series Ethernet Switches
Chapter 2 AAA and RADIUS Protocol Configuration
Huawei Technologies Proprietary
Operation: Set a service type for the specified user
Command:   service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet }* [ level level ] }

Operation: Cancel the service type of the specified user
Command:   undo service-type { ftp [ ftp-directory ] | lan-access | { ssh | telnet }* [ level ] }

Operation: Configure the attributes of lan-access users
Command:   attribute { ip ip-address | mac mac-address | idle-cut second | access-limit max-user-number | vlan vlanid | location { nas-ip ip-address port portnum | port portnum }*

Operation: Remove the attributes defined for the lan-access users
Command:   undo attribute { ip | mac | idle-cut | access-limit | vlan | location }*
2.2.7 Disconnecting a User by Force
Sometimes it is necessary to disconnect a user or a category of users by force. The system provides the following command to serve for this purpose.
Perform the following configurations in system view.
Table 2-8 Disconnecting a user by force

Operation: Disconnect a user by force
Command:   cut connection { all | access-type dot1x } | domain domain-name | interface portnum | ip ip-address | mac mac-address | radius-scheme radius-scheme-name | vlan vlanid | ucibindex ucib-index | user-name user-name }

By default, no online user will be disconnected by force.
2.2.8 Configuring Dynamic VLAN with RADIUS Server
Based on the attribute value delivered by the RADIUS server, the switch adds the ports of users who have passed authentication to different VLANs, in order to control the network resources that the users can access. In practical applications, the ports are set to port-based mode in order to work together with Guest VLAN. When the port is in MAC address-based mode, each port can only connect a single user.
Currently, the Ethernet switches support both integer-type and string-type VLAN IDs delivered by the RADIUS server.
• Integer VLAN ID: The switch adds the port into the VLAN based on the integer ID delivered from the server. If the VLAN does not exist, it first creates a VLAN and then adds the port into the new VLAN.