Disconnecting Online Users

The NetEngine 8000 F can be configured to disconnect online users by a condition, such as the IP address, MAC address, access interface, or domain, or a combination of conditions.

Context

If there are multiple connections that satisfy a condition or a combination of connections, these connections are torn down at the same time.

You can tear down connections based on a combination of conditions, such as the domain name, interface name, IP address pool name, IPv6 address pool name, and username. For example, you can run the cut access-user interface gigabitethernet 0/1/1 domain dom1 ip-pool pool1 command to tear down a connection based on a combination of the interface name, domain name, and IP address pool name.

Perform the following steps on the router:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run aaa

    The AAA view is displayed.

  3. Run any of the following commands:

    • To disconnect online users by username, run the cut access-user username user-name { all | hwtacacs | local | none | radius | radius-proxy } command.

    • To disconnect online users by domain name, run the cut access-user domain domain-name command.
    • To disconnect online users by MAC address, run the cut access-user mac-address mac-address command.
    • To disconnect online users by IPv6 address or a combination of the IPv6 address and VPN instance name, run the cut access-user ipv6-address ipv6-address [ vpn-instance instance-name ] command.
    • To disconnect online users by IPv4 address or a combination of the IPv4 address and VPN instance name, run the cut access-user ip-address ip-address [ vpn-instance instance-name ] command.
    • To disconnect online users by interface, run the cut access-user interface interface-type interface-number [ pevlan vlan-id ] [ cevlan vlan-id ] command.
    • To disconnect online users by user ID, run the cut access-user user-id start-no [ end-no ] command.
    • To disconnect online users by IPv4 address pool name, run the cut access-user ip-pool pool-name command.
    • To disconnect online users by slot ID, run the cut access-user slot slot-id command.
    • To disconnect online users by IPv6 address pool name, run the cut access-user ipv6-pool pool-name command.
    • To disconnect online users by IPv6 prefix, run the cut access-user ipv6-prefix prefix-address/prefix-length command.
    • To disconnect online users by authentication mode, run the cut access-user authen-method authen-method-type command.
    • To disconnect online users with odd or even MAC addresses on a specified interface, run the cut access-user interface { interface-name | interface-type interface-number } [ odd-mac | even-mac ] command.
    • To disconnect online users by a combination of conditions, run the cut access-user { username user-name { all | hwtacacs | local | none | radius | radius-proxy } | domain domain-name | interface interface-type interface-number [ pevlan pevlan-id [ cevlan cevlan-id ] ] | ip-pool pool-name | ipv6-pool pool-name | authen-method authen-method-type | { qos-profile qos-profile-name | family-qos-profile family-qos-profile-name | resource-insufficient user-queue } [ inbound | outbound | both ] }* command.

  4. (Optional) Configure the device to forcibly log out a user if an IP address is released.
    1. (Optional) Run domain domain-name

      The domain view is displayed.

    2. (Optional) Run any-address-release offline

      The device is configured to forcibly log out a user if any IP address is released by the user.

      This command applies only to PPPoX and L2TP users.

    3. Run commit

      The configuration is committed.

  5. Run commit

    The configuration is committed.

Parent Topic: Configuring and Managing Users
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >