Forcing Users to Log out

You can force users to log out of the network based on AAA in certain scenarios, such as the scenario when the user access duration expires.

Context

  • When connections are disconnected according to the domain name, all online users under the disconnected domain will be forced to log out of the network.

  • When connections are disconnected according to the user name or user ID, all connections conforming to the disconnection condition will be disconnected.

Procedure

  • You can run the following commands in the AAA view to force users to log out of the network.

    • Run the cut access-user username user-name { all | hwtacacs | local | none | radius | radius-proxy } command to force users to log out of the network according to the user name.
    • Run the cut access-user domain domain-name command to force users to log out of the network according to the domain name.
    • Run the cut access-user mac-address mac-address command to force users to log out of the network according to the MAC address.
    • Run the cut access-user ipv6-address ipv6-address [ vpn-instance instance-name ] command to force users to log out of the network according to the IPv6 address.
    • Run the cut access-user ip-address ip-address [ end-ip-address ] [ vpn-instance instance-name ] command to force users to log out of the network according to the IP address.
    • Run the cut access-user interface interface-type interface-number [ pevlan pevlan-id [ cevlan cevlan-id ] ] command to force users to log out of the network according to the interface.
    • Run the cut access-user user-id start-no [ end-no ] command to forcibly log out online users with specified user IDs.
    • Run the cut access-user ip-pool pool-name command to forcibly log out all online users using a specified IP address pool.
    • Run the cut access-user slot slot-id command to forcibly log out all online users on the board in a specified slot.
    • Run the cut access-user ipv6-pool pool-name command to forcibly log out all online users using a specified IPv6 address pool.
    • Run the cut access-user ipv6-prefix prefix-address [ vpn-instance instance-name ] command to log out all online users for whom a specified IPv6 prefix is assigned.
    • Run the cut access-user authen-method authen-method-type command to log out online users using a specified authentication method.

  • You can run the following commands in the AAA view to force users to log out of the network.

    • Run the cut access-user domain domain-name command to force users to log out of the network according to the domain name.
    • Run the cut access-user mac-address mac-address command to force users to log out of the network according to the MAC address.
    • Run the cut access-user username user-name { all | hwtacacs | local | none | radius } command to force users to log out of the network according to the user name.
    • Run the cut access-user user-id start-no [ end-no ] command to forcibly log out online users with specified user IDs.
    • Run the cut access-user slot slot-id command to forcibly log out all online users on the board in a specified slot.

Parent Topic: Maintaining AAA and User Management
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic