Manualshelf

R3303-HP HSR6800 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
31323334353637383940
24
cut connection { access-type { dot1x | mac-authentication | portal } | all | domain isp-name | interface
interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name
user-name } [ chassis chassis-number slot slot-number ]
Views
System view
Default command level
2: System level
Parameters
access-type: Specifies the user connections of the specified access type.
dot1x: Indicates 802.1X authentication. This keyword is supported only on the SAP interface
modules that are operating in Layer 2 mode.
mac-authentication: Indicates MAC address authentication. This keyword is supported only on the
SAP interface modules that are operating in Layer 2 mode.
portal: Indicates portal authentication.
all: Specifies all user connections.
domain isp-name: Specifies the user connections of an ISP domain. The isp-name argument represents
the name of an existing ISP domain and is a string of 1 to 24 characters.
interface interface-type interface-number: Specifies the user connections on an interface. Only Layer 2
Ethernet interfaces are supported.
ip ip-address: Specifies the user connections for an IP address.
mac mac-address: Specifies the user connections for a MAC address, with mac-address in the format
H-H-H.
ucibindex ucib-index: Specifies the user connection that uses the connection index, in the range of 0 to
4294967295.
user-name user-name: Specifies the user connections that use the username. The user-name argument is
a case-sensitive string of 1 to 80 characters. For a username entered without a domain name, the system
assumes that the user is in the default domain or the mandatory authentication domain.
slot slot-number: Specifies a card by its slot number. The slot-number argument represents the slot number
of the card. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number
argument represents the member ID of the IRF member device, and the slot-number argument represents
the slot number of the card. (In IRF mode.)
Usage guidelines
This command applies to LAN, portal, and PPP user connections.
For 802.1X users whose usernames carry the version number or contain spaces, you cannot cut the
connections by username.
For 802.1X users whose usernames use a forward slash (/) or backward slash (\) as the domain name
delimiter, you cannot cut their connections by username. For example, the cut connection user-name
aaa\bbb command cannot cut the connections of the user aaa\bbb.
An interface that is configured with a mandatory authentication domain treats users of the corresponding
access type as users in the mandatory authentication domain. For example, if you configure an 802.1X
mandatory authentication domain on an interface, the interface uses the domain's AAA methods for all