3Com Switch 8800 Family Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

241

242

243

244

245

246

247

248

249

250

AAA Configuration 243

following table for reference), and cipher-force means that the password display

mode of all the accessing users must be in cipher text.

Setting/Removing the attributes of a local user

Perform the following configuration in local user view.

By default, users are not authorized to any service, all their priorities are 0.

When you bind a port to a user, this setting takes effect only when the slot

number, the subslot number and the port number exist.

Disconnecting a User by

Force

Sometimes it is necessary to disconnect a user or a category of users by force. The

system provides the following command to serve for this purpose.

Perform the following configuration in system view.

Tab le 203 Set/Remove the attributes concerned with a specified user

Operation Command

Set a password for a specified

user

password { simple | cipher } password

Remove the password set for

the specified user

undo password

Set the state of the specified

user

state { active | block }

Set a service type for the

specified user

service-type { ftp [ ftp-directory directory ] | lan-access |

ppp [ call-number call-number | callback-nocheck |

callback-number callback-number ] | ssh [ level level |

terminal [ level level | ssh | telnet ] }

Cancel the service type of the

specified user

undo service-type { ftp [ ftp-directory directory ] |

lan-access | ppp [call-number call-number |

callback-nocheck | callback-number callback-number ] |

ssh [ level level | telnet | terminal ] | telnet [ level level |

ssh | terminal ] | terminal [ level level | ssh | telnet ] }

Set the priority of the specified

user

level level

Restore the default priority of

the specified user

undo level

Configure the attributes of

Lan-access users

attribute { ip ip-address | mac mac-address | idle-cut second

| access-limit max-user-number | vlan vlanid | location {

nas-ip ip-address port portnum | port portnum }*

Remove the attributes defined

for the lan-access users

undo attribute { ip | mac | idle-cut | access-limit | vlan |

location }*

Tab le 204 Disconnect a user by force

Operation Command

Disconnect a user by force

cut connection { all | access-type { dot1x | gcm |

mac-authentication } | domain domain-name | interface

interface-type interface-number | ip ip-address | mac

mac-address | radius-scheme radius-scheme-name | vlan vlanid

| ucibindex ucib-index | user-name user-name }