3com 8807 Guia Do Utilizador
AAA Configuration
243
following table for reference), and cipher-force means that the password display
mode of all the accessing users must be in cipher text.
mode of all the accessing users must be in cipher text.
Setting/Removing the attributes of a local user
Perform the following configuration in local user view.
By default, users are not authorized to any service, all their priorities are 0.
n
When you bind a port to a user, this setting takes effect only when the slot
number, the subslot number and the port number exist.
number, the subslot number and the port number exist.
Disconnecting a User by
Force
Sometimes it is necessary to disconnect a user or a category of users by force. The
system provides the following command to serve for this purpose.
system provides the following command to serve for this purpose.
Perform the following configuration in system view.
Table 203 Set/Remove the attributes concerned with a specified user
Operation
Command
Set a password for a specified
user
user
password { simple | cipher } password
Remove the password set for
the specified user
the specified user
undo password
Set the state of the specified
user
user
state { active | block }
Set a service type for the
specified user
specified user
service-type { ftp [ ftp-directory directory ] | lan-access |
ppp [ call-number call-number | callback-nocheck |
callback-number callback-number ] | ssh [ level level |
telnet | terminal ] | telnet [ level level | ssh | temninal ] |
terminal [ level level | ssh | telnet ] }
ppp [ call-number call-number | callback-nocheck |
callback-number callback-number ] | ssh [ level level |
telnet | terminal ] | telnet [ level level | ssh | temninal ] |
terminal [ level level | ssh | telnet ] }
Cancel the service type of the
specified user
specified user
undo service-type { ftp [ ftp-directory directory ] |
lan-access | ppp [call-number call-number |
callback-nocheck | callback-number callback-number ] |
ssh [ level level | telnet | terminal ] | telnet [ level level |
ssh | terminal ] | terminal [ level level | ssh | telnet ] }
lan-access | ppp [call-number call-number |
callback-nocheck | callback-number callback-number ] |
ssh [ level level | telnet | terminal ] | telnet [ level level |
ssh | terminal ] | terminal [ level level | ssh | telnet ] }
Set the priority of the specified
user
user
level level
Restore the default priority of
the specified user
the specified user
undo level
Configure the attributes of
Lan-access users
Lan-access users
attribute { ip ip-address | mac mac-address | idle-cut second
| access-limit max-user-number | vlan vlanid | location {
nas-ip ip-address port portnum | port portnum }*
| access-limit max-user-number | vlan vlanid | location {
nas-ip ip-address port portnum | port portnum }*
Remove the attributes defined
for the lan-access users
for the lan-access users
undo attribute { ip | mac | idle-cut | access-limit | vlan |
location }*
location }*
Table 204 Disconnect a user by force
Operation
Command
Disconnect a user by force
cut connection { all | access-type { dot1x | gcm |
mac-authentication } | domain domain-name | interface
interface-type interface-number | ip ip-address | mac
mac-address | radius-scheme radius-scheme-name | vlan vlanid
| ucibindex ucib-index | user-name user-name }
mac-authentication } | domain domain-name | interface
interface-type interface-number | ip ip-address | mac
mac-address | radius-scheme radius-scheme-name | vlan vlanid
| ucibindex ucib-index | user-name user-name }