How to change rights for online users

24

The Change of Authorization (CoA) function means that you can dynamically change rights of users on the RADIUS server through AAA. CoA allows the administrator to change the rights of an authenticated user through RADIUS. For example, employees of an enterprise access the enterprise intranet through different ports. After they go online, the RADIUS server can deliver the specified VLAN ID to the employees using the RADIUS protocol, so that the employees belong the same VLAN.

The CoA function only applies to RADIUS authorization, and cannot be used through local or HWTACACS authorization.

Other related questions:
How to change rights for online users
The Change of Authorization (CoA) function means that you can dynamically change rights of users on the RADIUS server through AAA. CoA allows the administrator to change the rights of an authenticated user through RADIUS. For example, employees of an enterprise access the enterprise intranet through different ports. After they go online, the RADIUS server can deliver the specified VLAN ID to the employees using the RADIUS protocol, so that the employees belong the same VLAN. The CoA function only applies to RADIUS authorization, and cannot be used through local or HWTACACS authorization.

How can I change rights for online users on S series switches
The Change of Authorization (CoA) function means that you can dynamically change rights of users on the RADIUS server through AAA. CoA allows the administrator to change the rights of an authenticated user through RADIUS. For example, employees of an enterprise access the enterprise intranet through different ports. After they go online, the RADIUS server can deliver the specified VLAN ID to the employees using the RADIUS protocol, so that the employees belong to the same VLAN. The CoA function only applies to RADIUS authentication and cannot be used in local or HWTACACS authentication on S series switches (except S1700 switches).

How do I configure the administrator level on an AR
If non-authentication is used, the administrator level is specified by using the user privilege level command in the VTY interface view. If local authentication is used, the administrator level can be configured in the following ways that are in descending order of priority: 1. Running the local-user privilege level command to configure the local user level 2. Running the admin-user privilege level command to configure the administrator level in a domain 3. Running the user privilege level command to configure the user level in the VTY interface view If remote authentication is used, the administrator level can be configured in the following ways that are in descending order of priority: 1. Using the user level sent by an authentication server to the AR after authentication has succeeded 2. Running the admin-user privilege level command to configure the administrator level in a domain 3. Running the user privilege level command to configure user level in the VTY interface view

How do I force an online user to go offline

You can run the free user-interface { ui-number | ui-type ui-number1 } command to remove a user from a specified user interface, that is, disconnect the user from the device.

This command does not take effect for the current user. For example, if the user interface of the current user is VTY 2, the free user-interface vty 2 command does not take effect and the system displays an error message.

<Huawei> free user-interface 0
Warning: User interface Console1 will be freed. Continue? [Y/N]:y

How to query users with customized rights on the U1900?
Run the show subscriber filter outgoingrights cus1 command.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top