HP 6125G HP 6125G & 6125G/XG Blade Switches Security Command Reference - Page 23

display connection, Description, Examples, Syntax

Get HP 6125G PDF manuals and user guides View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals

Page 23 highlights

• mac-authentication: Indicates MAC address authentication. all: Specifies all user connections. domain isp-name: Specifies the user connections of an ISP domain. The isp-name argument refers to the name of an existing ISP domain and is a string of 1 to 24 characters. interface interface-type interface-number: Specifies the user connections on an interface. Only Layer 2 Ethernet interfaces are supported. ip ip-address: Specifies the user connections for an IP address. mac mac-address: Specifies the user connections for a MAC address, with mac-address in the format H-H-H. ucibindex ucib-index: Specifies the user connection that uses the connection index. The ucib-index argument ranges from 0 to 4294967295. user-name user-name: Specifies the user connections that use the username. The user-name argument is a case-sensitive string of 1 to 80 characters. For a username entered without a domain name, the system assumes that the user is in the default domain or the mandatory authentication domain. vlan vlan-id: Specifies the user connections of a VLAN, with vlan-id ranging from 1 to 4094. slot slot-number: Specifies the user connections on an IRF member device. The slot-number argument represents the ID of the IRF member device. The value range for the argument depends on the number of member devices and their member IDs in the IRF fabric. Description Use cut connection to tear down user connections forcibly. This command applies to only LAN access. For 802.1X users whose usernames carry the version number or contain spaces, you cannot cut the connections by username. For 802.1X users whose usernames use a slash (/) or backslash (\) as the domain name delimiter, you cannot cut their connections by username. For example, the cut connection user-name aaa\bbb command cannot cut the connections of the user aaa\bbb. An interface that is configured with a mandatory authentication domain treats users of the corresponding access type as users in the mandatory authentication domain. For example, if you configure an 802.1X mandatory authentication domain on an interface, the interface uses the domain's AAA methods for all its 802.1X users. To cut connections of such users, use the cut connection domain isp-name command and specify the mandatory authentication domain. Related commands: display connection and service-type. Examples # Tear down all connections of ISP domain test. system-view [Sysname] cut connection domain test display connection Syntax display connection [ access-type { dot1x | mac-authentication } | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name user-name | vlan vlan-id ] [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] 14

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
14
mac-authentication
: Indicates MAC address authentication.
all
: Specifies all user connections.
domain
isp-name
: Specifies the user connections of an ISP domain. The
isp-name
argument refers to the
name of an existing ISP domain and is a string of 1 to 24 characters.
interface
interface-type interface-number
: Specifies the user connections on an interface. Only Layer 2
Ethernet interfaces are supported.
ip
ip-address
: Specifies the user connections for an IP address.
mac
mac-address
: Specifies the user connections for a MAC address, with
mac-address
in the format
H-H-H.
ucibindex
ucib-index
: Specifies the user connection that uses the connection index. The
ucib-index
argument ranges from 0 to 4294967295.
user-name
user-name
: Specifies the user connections that use the username. The
user-name
argument is
a case-sensitive string of 1 to 80 characters. For a username entered without a domain name, the system
assumes that the user is in the default domain or the mandatory authentication domain.
vlan
vlan-id
: Specifies the user connections of a VLAN, with
vlan-id
ranging from 1 to 4094.
slot
slot-number
: Specifies the user connections on an IRF member device. The
slot-number
argument
represents the ID of the IRF member device. The value range for the argument depends on the number of
member devices and their member IDs in the IRF fabric.
Description
Use
cut connection
to tear down user connections forcibly.
This command applies to only LAN access.
For 802.1X users whose usernames carry the version number or contain spaces, you cannot cut the
connections by username.
For 802.1X users whose usernames use a slash (/) or backslash (\) as the domain name delimiter, you
cannot cut their connections by username. For example, the
cut connection user-name aaa\bbb
command cannot cut the connections of the user
aaa\bbb
.
An interface that is configured with a mandatory authentication domain treats users of the corresponding
access type as users in the mandatory authentication domain. For example, if you configure an 802.1X
mandatory authentication domain on an interface, the interface uses the domain’s AAA methods for all
its 802.1X users. To cut connections of such users, use the
cut connection domain
isp-name
command and
specify the mandatory authentication domain.
Related commands:
display connection
and
service-type
.
Examples
# Tear down all connections of ISP domain
test.
<Sysname> system-view
[Sysname] cut connection domain test
display connection
Syntax
display
connection
[
access-type
{
dot1x
|
mac-authentication
} |
domain
isp-name
|
interface
interface-type interface-number
|
ip
ip-address
|
mac
mac-address
|
ucibindex
ucib-index
|
user-name
user-name
|
vlan
vlan-id
] [
slot
slot-number
] [
|
{
begin
|
exclude
|
include
}
regular-expression
]