Configuring the AAA and RADIUS Protocols 279
Disconnecting a User by Force
Sometimes it is necessary to disconnect a user or a category of users by force. The
system provides the following command to serve this purpose.
Perform the following configurations in system view.
By default, no online user will be disconnected by force.
Configuring the RADIUS Protocol
On the Switch 8800, the RADIUS protocol is configured on a per RADIUS server
group basis. In a real networking environment, a RADIUS server group can be an
independent RADIUS server or a set of primary/secondary RADIUS servers with the
same configuration but two different IP addresses. Attributes of every RADIUS
server group include the IP addresses of the primary and secondary servers, the
shared key, the RADIUS server type, etc.
The RADIUS protocol configuration only defines the parameters necessary for
interaction between the NAS and the RADIUS server. To make these
parameters effective, it is necessary to configure, in the view, an ISP domain to use
the RADIUS server group, and specify it to use RADIUS AAA schemes. For more
about the configuration commands, refer to “Configuring AAA”.
Tasks for configuring RADIUS are described in the following sections:
■ Creating/Deleting a RADIUS Server Group
■ Setting the IP Address and Port Number of RADIUS Server
■ Setting the RADIUS Packet Encryption Key
■ Setting the Response Timeout Timer of RADIUS Server
■ Setting Retransmission Times of the RADIUS Request Packet
■ Enabling the Selection of the RADIUS Accounting Option
■ Setting a Real-time Accounting Interval
■ Setting Maximum Times of Real-time Accounting Request
■ Enabling/Disabling Stop Accounting Request Buffer
Table 17 Set/Remove the Attributes Concerned with a Specified User

Operation: Configure the attributes of lan-access users
Command: attribute {ip ip-address | mac mac-address | idle-cut second | access-limit max-user-number | vlan vlanid | location { nas-ip ip-address port portnum | port portnum }*

Operation: Remove the attributes defined for the lan-access users
Command: undo attribute {ip | mac | idle-cut | access-limit | vlan | location }

Table 18 Disconnect a User by Force

Operation: Disconnect a user by force
Command: cut connection {all | access-type {dot1x | gcm} | domain domain-name | interface portnum | ip ip-address | mac mac-address | radius-scheme radius-scheme-name | vlan vlanid | ucibindex ucib-index | user-name user-name }