Operation Manual – AAAH3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration2-10Caution:z The following characters are not allowed in the user-name string: /:*?<>. And youcannot input more than one “@” in the string.z After the local-user password-display-mode cipher-force command is executed,any password will be displayed in cipher mode even though you specify to display auser password in plain text by using the password command.z If a username and password is required for user authentication (RADIUSauthentication as well as local authentication), the command level that a user canaccess after login is determined by the privilege level of the user. For SSH usersusing RSA shared key for authentication, the commands they can access aredetermined by the levels set on their user interfaces.z If the configured authentication method is none or password authentication, thecommand level that a user can access after login is determined by the level of theuser interface.z If the clients connected to a port have different authorized VLANs, only the firstclient passing the MAC address authentication can be assigned with an authorizedVLAN. The switch will not assign authorized VLANs for subsequent users passingMAC address authentication. In this case, you are recommended to connect onlyone MAC address authentication user or multiple users with the same authorizedVLAN to a port.z For local RADIUS authentication to take effect, the VLAN assignment mode mustbe set to string after you specify authorized VLANs for local users.2.1.5 Cutting Down User Connections ForciblyFollow these steps to cut down user connections forcibly:To do… Use the command… RemarksEnter system view system-view —Cut down userconnections forciblycut connection { all | access-type { dot1x| mac-authentication } | domain isp-name| interface interface-type interface-number| ip ip-address | mac mac-address |radius-scheme radius-scheme-name |vlan vlan-id | ucibindex ucib-index |user-name user-name }Required