cut access-user

Function

The cut access-user command terminates one or multiple access user connections, also forcibly disconnecting online users.

Format

cut access-user { domain domain-name | interface interface-type interface-number [ vlan vlan-id [ qinq qinq-vlan-id ] ] | ip-address ip-address [ vpn-instance vpn-instance-name ] | mac-address mac-address | service-scheme service-scheme-name | access-slot slot-id | user-id begin-number [ end-number ] | username user-name }

cut access-user ssid ssid-name (This command is only supported by the S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S6720-HI, and S5720-HI.)

cut access-user access-type { admin [ ftp | ssh | telnet | terminal | web ] | ppp } [ username user-name ]

Parameters

Parameter	Description	Value
domain domain-name	Disconnects sessions in a specified domain.	The value must be the name of an existing domain.
interface interface-type interface-number	Disconnects sessions on a specified interface. interface-type specifies the interface type. interface-number specifies the interface number.	-
vlan vlan-id [ qinq qinq-vlan-id ]	Disconnects sessions in a specified VLAN. vlan-id specifies the ID of a VLAN. In QinQ applications, this parameter specifies the inner VLAN ID. qinq-vlan-id specifies the outer VLAN ID.	The values of vlan-id and qinq-vlan-id are integers that range from 1 to 4094.
ip-address ip-address	Disconnects sessions initiated by a specified IP address.	The value is in dotted decimal notation.
vpn-instance vpn-instance-name	Indicates the name of the VPN instance that the specified IP address belongs to.	The value must be an existing VPN instance name.
mac-address mac-address	Disconnects sessions initiated by a specified MAC address.	The value is in H-H-H format. An H contains 4 hexadecimal digits.
service-scheme service-scheme-name	Terminates connections based on the service scheme.	The value must be the name of an existing service scheme.
access-slot slot-id	Disconnects sessions on a specified device.	The value range depends on the model of the device.
ssid ssid-name	Disconnects sessions initiated by a service set identifier (SSID) for a service set.	The SSID must already exist. NOTE: SSID is supported only in the NAC unified mode.
user-id begin-number [ end-number ]	Disconnects sessions of a specified user.	The user-id must exist on the device.
username user-name	Disconnects sessions of a user with a specified user name.	The value must be the name of an existing user.
access-type	Displays information about the users using the specified authentication mode.	-
admin [ ftp \| ssh \| telnet \| terminal \| web ]	Displays information about the administrators using the specified authentication mode. ftp: FTP user ssh: SSH user telnet: Telnet user terminal: Terminal user web: Web user	-
ppp	Displays information about online users using PPP authentication.	-

Views

AAA view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Performing some configurations, such as AAA, on the device, requires that no users be online. You can run the cut access-user command to disconnect sessions.

Precautions

The cut access-user command interrupts all services of the user whose session is torn down.
For administrators, lower-level users cannot tear down the connections of higher-level users.
If the character string of the user name contains spaces (for example, a b), you can run the display access-user username "a b" command to view online users.
If the character string of the user name contains spaces and quotation marks ("") simultaneously, you cannot use the user name to view online users. In this case, you can run the display access-user | include username command to view the user ID of the online user, and then run the display access-user user-id user-id command to view the user. Alternatively, you can run the cut access-user user-id user-id command to force the user to go offline.

Example

# Tear down the session initiated by the IP address 10.1.1.1.

<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] cut access-user ip-address 10.1.1.1