Switch 7700 Configuration Guide
190 CHAPTER 9: AAA AND RADIUS OPERATION
Disconnecting a User by Force
Sometimes it is necessary to disconnect a user or a category of users by force. The
system provides the following command for this purpose.
Perform the following configurations in system view.
By default, no online user will be disconnected by force.
Configuring the RADIUS Protocol
On the Switch 7700, the RADIUS protocol is configured on a per RADIUS server
group basis. In a real networking environment, a RADIUS server group can be an
independent RADIUS server or a set of primary/secondary RADIUS servers with the
same configuration but two different IP addresses. The attributes of every RADIUS
server group include the IP addresses of the primary and secondary servers, the
shared key, and the RADIUS server type.
The RADIUS protocol configuration only defines the parameters needed for
interaction between the NAS and the RADIUS server. For these parameters to take
effect, it is necessary to configure, in the view, an ISP domain to use the RADIUS
server group and specify that it uses RADIUS AAA schemes. For more about the
configuration commands, refer to “Configuring AAA”.
RADIUS configuration includes tasks that are described in the following sections:
■ Creating/Deleting a RADIUS Server Group
■ Setting the IP Address and Port Number of RADIUS Server
■ Setting the RADIUS Packet Encryption Key
■ Setting the Response Timeout Timer of RADIUS Server
■ Setting Retransmission Times of the RADIUS Request Packet
■ Setting a Real-time Accounting Interval
■ Setting Maximum Times of Real-time Accounting Request
■ Enabling/Disabling Stopping Accounting Request Buffer
■ Setting the Maximum Retransmitting Times of Stopping Accounting Request
■ Setting the Supported Type of RADIUS Server
■ Setting RADIUS Server State
Table 16 Set/Remove the Attributes Concerned with a Specified User

Operation                      Command
Configure the attributes of    attribute {ip ip-address | mac mac-address |
lan-access users               idle-cut second | access-limit max-user-number |
                               vlan vlanid | location [nas-ip ip-address]
                               port portnum}
Remove the attributes defined  undo attribute {ip | mac | idle-cut |
for the lan-access users       access-limit | vlan | location}

Table 17 Disconnect a User by Force

Operation                      Command
Disconnect a user by force     cut connection {all | access-type {dot1x | gcm} |
                               domain domain-name | interface portnum |
                               ip ip-address | mac mac-address |
                               radius-scheme radius-scheme-name | vlan vlanid |
                               ucibindex ucib-index | user-name user-name}