Command Manual – Security
Quidway S8500 Series Routing Switches
Chapter 2 AAA and RADIUS/HWTACACS Protocol
Configuration Commands
Huawei Technologies Proprietary
2-3
users locate.) The argument minute defines the idle-cut time, which is in the range of 60
to 7200 seconds.
access-limit max-user-number: Specifies the maximum number who access the
device by using the current user name. The argument max-user-number is in the range
of 1 to 2048.
vlan vlanid: Sets the VLAN attribute of user, in other words, the VLAN to which a user
belong. The argument vlanid is an integer in the range of 1 to 4094.
location: Sets the port binding attribute of user.
nas-ip ip-address: IP address of the access server in the event of binding a remote port
with a user. The argument ip-address is an IP address in dotted decimal format and
defaults to 127.0.0.1 (which represents the local machine).
port portnum: Sets the port with which a user is bound. The argument portnum is
represented by “SlotNumber SubSlotNumber PortNumber”. If the bound port has no
SubSlotNumber, the value 0 can be used as the SubSlotNumber.
Description
Use the attribute command to configure some attributes for specified local user.
Use the undo attribute command to cancel the attributes that have been defined for
this local user.
As for attributes of the users that are of local LAN service type, user IP address and
MAC address attribute are valid only when the ISP domain authentication scheme is a
local authentication scheme, or the ISP domain authentication scheme is a RADIUS
authentication scheme and the type of the RADIUS scheme is HUAWEI.
It should be noted that the argument nas-ip must be defined for a user bound with a
remote port, which is unnecessary, however, in the event of a user bound with a local
port.
Related command: display local-user.
Example
# Configure the IP address 10.110.50.1 to the user huawei1.
[Quidway-luser-huawei1] attribute ip 10.110.50.1
2.1.4 cut connection
Syntax
cut connection { all | access-type { dot1x | gcm | mac-authentication } | domain
domain-name | interface interface-type interface-num | ip ip-address | mac
mac-address | radius-scheme radius-scheme-name | vlan vlanid | ucibindex
ucib-index | user-name user-name }
To Next Page
Loading...
