3Com Switch 7750 Configuration Guide Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

501

502

503

504

505

506

507

508

509

510

502 CHAPTER 48: AAA & RADIUS & HWTACACS CONFIGURATION

CAUTION:

■ The character string of user-name cannot contain "/", ":", "*", "?", "<" and

">". Moreover, "@" can be used no more than once.

■ After the local-user password-display-mode cipher-force command is

executed, all passwords will be displayed in cipher mode even through you

specify to display user passwords in plain text by using the password

command.

■ If the configured authentication method (local or RADIUS) requires a user name

and a password, the command level that a user can access after login is

determined by the priority level of the user. For SSH users, when they use RSA

shared keys for authentication, the commands they can access are determined

by the levels set on their user interfaces.

■ If the configured authentication method is none or requires a password, the

command level that a user can access after login is determined by the level of

the user interface.

Cutting Down User

Connections Forcibly

Authorize the user to access

the specified type(s) of

service(s)

service-type { ftp |

lan-access | { telnet | ssh |

terminal }* [ level level ] }

Required

By default, the system does

not authorize the user to

access any service.

Set the priority level of the

user

level level

Optional

By default, the priority level of

the user is 0.

Set the attributes of the user

whose service type is

lan-access

attribute { ip ip-address |

mac mac-address | idle-cut

second | access-limit

max-user-number | vlan

vlan-id | location { nas-ip

ip-address port port-number |

port port-number } }*

Optional

If the user is bound to a

remote port, you must specify

the nas-ip parameter (the

following ip-address is

127.0.0.1 by default,

representing this device). If

the user is bound to a local

port, you do not need to

specify the nas-ip parameter.

Table 380 Configure the attributes of a local user

Operation Command Description

Tabl e 381 Cut down user connection forcibly

Operation Command Description

Enter system view system-view -

Cut down user connections

forcibly

cut connection { all |

access-type { dot1x |

mac-authentication } |

domain isp-name | interface

interface-type

interface-number | ip

ip-address | mac mac-address

| radius-scheme

radius-scheme-name | vlan

vlan-id | ucibindex ucib-index

| user-name user-name }

Required