Support User Manuals

3Com 3.01.01 Switch User Manual

Open as PDF

of 356

Configuring the AAA and RADIUS Protocols 279

Disconnecting a User by Force

Sometimes it is necessary to disconnect a user or a category of users by force. The

system provides the following command to serve this purpose.

Perform the following configurations in system view.

By default, no online user will be disconnected by force.

Configuring the RADIUS

Protocol

On the Switch 8800, the RADIUS protocol is configured per RADIUS server group

basis. In a real networking environment, a RADIUS server group can be an

independent RADIUS server or a set of primary/secondary RADIUS servers with the

same configuration but two different IP addresses. Attributes of every RADIUS

server group include IP addresses of primary and secondary servers, shared key and

RADIUS server type, etc.

RADIUS protocol configuration only defines some necessary parameters using

information for interaction between NAS and RADIUS Server. To make these

parameters effective, it is necessary to configure, in the view, an ISP domain to use

the RADIUS server group, and specify it to use RADIUS AAA schemes. For more

about the configuration commands, refer to

“Configuring AAA ”.

Tasks for configuring RADIUS are described in the following sections:

■ Creating/Deleting a RADIUS Server Group

■ Setting the IP Address and Port Number of RADIUS Server

■ Setting the RADIUS Packet Encryption Key

■ Setting the Response Timeout Timer of RADIUS Server

■ Setting Retransmission Times of the RADIUS Request Packet

■ Enabling the Selection of the RADIUS Accounting Option

■ Setting a Real-time Accounting Interval

■ Setting Maximum Times of Real-time Accounting Request

■ Enabling/Disabling Stop Accounting Request Buffer

Configure the attributes of lan-access users attribute {ip ip-address | mac mac-address |

idle-cut second | access-limit

max-user-number | vlan vlanid | location {

nas-ip ip-address port portnum | port

portnum }*

Remove the attributes defined for the

lan-access users

undo attribute {ip | mac | idle-cut |

access-limit | vlan | location }

Table 18 Disconnect a User by Force

Operation Command

Disconnect a user by force cut connection {all | access-type {dot1x |

gcm} | domain domain-name | interface

portnum | ip ip-address | mac mac-address |

radius-scheme radius-scheme-name | vlan

vlanid | ucibindex ucib-index | user-name

user-name }

Table 17 Set/Remove the Attributes Concerned with a Specified User

Operation Command

previous next