cut connection

Syntax

cut connection { access-type { dot1x | mac-authentication | portal } | all | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name user-name | vlan vlan-id } [ slot slot-number ]

View

System view

Default level

2: System level

Parameters

access-type: Specifies the user connections of the specified access type.

all: Specifies all user connections.

domain isp-name: Specifies the user connections of an ISP domain. The isp-name argument refers to the name of an existing ISP domain and is a string of 1 to 24 characters.

interface interface-type interface-number: Specifies the user connections on an interface. Only Layer 2 Ethernet interfaces are supported.

ip ip-address: Specifies the user connections for an IP address.

mac mac-address: Specifies the user connections for a MAC address, with mac-address in the format H-H-H.

ucibindex ucib-index: Specifies the user connection that uses the connection index. The ucib-index argument ranges from 0 to 4294967295.

user-name user-name: Specifies the user connections that use the username. The user-name argument is a case-sensitive string of 1 to 80 characters. For a username entered without a domain name, the system assumes that the user is in the default domain or the mandatory authentication domain.

vlan vlan-id: Specifies the user connections of a VLAN, with vlan-id ranging from 1 to 4094.

slot slot-number: Specifies the user connections on the switch by its device ID. The slot-number argument represents the device ID, which must be 1.

Description

Use cut connection to tear down user connections forcibly.

This command applies to only LAN access and portal.

For 802.1X users whose usernames carry the version number or contain spaces, you cannot cut the connections by username.

For 802.1X users whose usernames use a slash (/) or backslash (\) as the domain name delimiter, you cannot cut their connections by username. For example, the cut connection user-name aaa\bbb command cannot cut the connections of the user aaa\bbb.

An interface that is configured with a mandatory authentication domain treats users of the corresponding access type as users in the mandatory authentication domain. For example, if you configure an 802.1X mandatory authentication domain on an interface, the interface uses the domain’s AAA methods for all its 802.1X users. To cut connections of such users, use the cut connection domain isp-name command and specify the mandatory authentication domain.

Related commands: display connection and service-type.

Examples

# Tear down all connections of ISP domain test.

<Sysname> system-view
[Sysname] cut connection domain test