Filter
Top Products
3Com Switch 8800 Configuration Guide
Chapter 40 AAA and RADIUS/TACACS+ Protocol Con
figuration
40-11
Operation Command
Set the priority of the
specified user
level level
Restore the default priority of
the specified user
undo level
Configure the attributes of
lan-access users
attribute { ip ip-address | mac mac-address |
idle-cut second | access-limit max-user-number |
vlan vlanid | location { nas-ip ip-address port
portnum | port portnum }*
Remove the attributes
defined for the lan-access
users
undo attribute { ip | mac | idle-cut | access-limit |
vlan | location }*
By default, users are not authorized to any service, all their priorities are 0.
40.2.6 Disconnecting a User by Force
Sometimes it is necessary to disconnect a user or a category of users by force. The
system provides the following command to serve for this purpose.
Perform the following configuration in system view.
Table 40-8 Disconnect a user by force
Operation Command
Disconnect a user
by force
cut connection { all | access-type { dot1x | gcm |
mac-authentication } | domain domain-name | interface
interface-type interface-number | ip ip-address | mac
mac-address | radius-scheme radius-scheme-name | vlan
vlanid | ucibindex ucib-index | user-name user-name }
40.2.7 Configuring Dynamic VLAN Delivering
Dynamic VLAN delivering enables an Ethernet switch to monitor network resources
available to users by adding the ports to which the authenticated users connect to
different VLANS according to the properties delivered by RADIUS servers. To work with
Guest VLAN, ports are usually configured to perform port-based authentications. (If
you configure a port to perform MAC address-based authentication, it can have only
one user connected.)
At present, a switch supports VLAN IDs delivered by RADIUS servers to be of string
type. The port is added to the VLANs on a switch with their IDs matching the one
delivered by the RADIUS servers. If this kind of VLANs does not exist, the VLAN
delivering fails and the user fails to pass the authentication.
Perform the following configuration in system view.