Syntax
access-limit
{ disable | enable max-user-number }
undo access-limit
View
ISP domain view
Parameter
disable: No
limit to the supplicant number in the current ISP domain.
enable max-user-number: Specifies the maximum supplicant number in the current ISP domain,
ranging from 1 to 1048.
Description
Use the access-limit command to
configure a limit to the amount of supplicants in the current ISP domain.
Use the undo access-limit
command to restore the limit to the default setting.
By default, there is no limit to the amount
of supplicants in the current ISP domain.
This command limits the amount of
supplicants contained in the current ISP domain. The supplicants may compete
for the network resources. So setting a suitable limit to the amount will
guarantee the reliable performance to the existing supplicants.
Example
# Set a limit of
500 supplicants for the ISP domain h3c163.net.
[H3C-isp-h3c163.net] access-limit
enable 500
Syntax
accounting {
hwtacacs-scheme hwtacacs-scheme-name | radius-scheme radius-scheme-name
| none }
undo
accounting
View
ISP domain view
Parameter
hwtacacs-scheme radius-scheme-name: Specifies the
HWTACACS scheme for accounting.
radius-scheme hwtacacs-scheme-name: Specifies the RADIUS
scheme for accounting.
none:
Specifies not to perform accounting.
Description
Use the accounting command to
configure an accounting scheme for the current ISP domain.
Use the undo accounting command to remove
the accounting scheme used by the ISP domain.
By default, no separate accounting scheme
is available.
Note that the RADIUS or HWTACACS accounting
scheme you configure by using the accounting command must exist already.
If you configure the accounting
command in ISP domain view, the system uses the scheme specified in the command
for accounting. Otherwise, the system uses the scheme specified by using the scheme
command.
Related command: scheme, radius
scheme, hwtacacs scheme.
Example
# Specify ISP domain h3c163.net to use RADIUS
scheme radius for accounting.
[H3C-isp-h3c163.net] accounting
radius-scheme radius
# Specify ISP domain h3c to use HWTACACS
scheme hwtac for accounting.
[H3C-isp-h3c] accounting hwtacacs-scheme
hwtac
Syntax
accounting optional
undo accounting optional
View
ISP domain view, RADIUS view
Parameter
None
Description
Use the accounting optional
command to enable optional accounting.
Use the undo accounting optional
command to disable it.
By default, optional accounting is
disabled.
After the accounting optional
command is configured, a user that will be disconnected otherwise can use the
network resources even when there is no available accounting server or the
communication with the current accounting server fails. This command is
normally used for the authentication without accounting.
Example
# Enable optional accounting for users in
the domain h3c163.net.
[H3C] domain h3c163.net
[H3C-isp-h3c163.net] accounting
optional
1.1.4 authentication
Syntax
authentication { hwtacacs-scheme hwtacacs-scheme-name [ local
] | radius-scheme radius-scheme-name [ local ]
| local | none }
undo authentication
View
ISP domain view
Parameter
hwtacacs-scheme hwtacacs-scheme-name: Specifies the
HWTACACS scheme for authentication.
radius-scheme radius-scheme-name: Specifies the RADIUS
scheme for authentication.
local:
Specifies to use the local authentication scheme.
none:
Specifies not to perform authentication.
Description
Use the authentication command to
configure an authentication scheme for the current ISP domain.
Use the undo
authentication command to restore the default authentication scheme of the
domain.
By default,
no separate authentication scheme is available.
Note that
the RADIUS or HWTACACS authentication scheme you configure by using the authentication
command must exist already.
If you configure the authentication
radius-scheme radius-scheme-name local or authentication
hwtacacs-scheme hwtacacs-scheme-name local command, the local
authentication scheme is the alternate scheme for use when the RADIUS server or
TACACS server is not responding properly. That is, the local authentication
scheme is used only when the RADIUS server or TACACS server is not available.
If you want the system to use the local
scheme as the first scheme, the local authentication scheme is the only scheme
for authentication, and you cannot configure any RADIUS or HWTACACS scheme at
the same time. That is, you can only specify the local keyword in the authentication
command. The same is true for the none keyword.
If you configure the authentication
command in ISP domain view, the system uses the scheme specified in the command
for authentication. Otherwise, the system uses the scheme specified by using
the scheme command.
Related command: scheme, radius
scheme, hwtacacs scheme.
Example
# Specify ISP domain h3c163.net to use RADIUS
scheme radius for authentication.
[H3C-isp-h3c163.net] authentication
radius-scheme radius
# Specify ISP domain h3c to use RADIUS
scheme rd for authentication and use the local authentication scheme as the
alternate one.
[H3C-isp-h3c] authentication
radius-scheme rd local
# Specify ISP domain h3c to use HWTACACS
scheme hwtac for authentication and use the local authentication scheme as the
alternate one.
[H3C-isp-h3c] authentication
hwtacacs-scheme hwtac local
Syntax
authorization { hwtacacs-scheme hwtacacs-scheme-name | none }
undo authorization
View
ISP domain view
Parameter
hwtacacs-scheme
hwtacacs-scheme-name:
Specifies the HWTACACS scheme for authorization.
none: Specifies not to perform authorization, that is, the system
provides services without authorization.
Description
Use the authorization command to
configure an authorization scheme for the current ISP domain.
Use the undo authorization command
to restore the default authorization scheme of the domain.
By default, no separate authorization
scheme is available.
Note that the HWTACACS authorization scheme
specified in this command must have existed.
If you configure the authorization
command in ISP domain view, the system uses the scheme specified in the command
for authorization. Otherwise, the system uses the scheme specified by using the
scheme command.
Related command: scheme, radius
scheme, hwtacacs scheme.
Example
# Specify ISP domain h3c to use HWTACACS
scheme hwtac for authorization.
[H3C-isp-h3c] authorization
hwtacacs-scheme hwtac
Syntax
display connection [ domain isp-name | hwtacacs-scheme
hwtacacs-scheme-name | ip ip-address | mac mac-address
| radius-scheme radius-scheme-name | ucibindex ucib-index
| user-name user-name ]
View
Any view
Parameter
domain isp-name:
Displays all the user connections belonging to the ISP domain specified by isp-name,
a character string not exceeding 24 characters. The specified ISP domain must be
an existing one.
hwtacacs-scheme hwtacacs-scheme-name: HWTACACS scheme
name.
ip ip-address:
Displays all the user connections related to the specified IP address.
mac mac-address: Displays a user connection by specifying its
hexadecimal MAC address in the format of x-x-x.
radius-scheme radius-scheme-name: Displays all the user connections
connected to the RADIUS server specified by radius-scheme-name, a
character string not exceeding 32 characters.
ucibindex ucib-index:
Displays information on a user connection by specifying its connection index
number, that is, ucib-index ranging from 0 to 1047.
user-name user-name
