cut access-user

Function

The cut access-user command terminates one or multiple access user connections, also forcibly disconnecting online users.

Format

cut access-user domain domain-name [ slot slot-id cpu cpu-id ]

cut access-user user-id start-num [ end-num ] [ slot slot-id cpu cpu-id ]

cut access-user authentication-mode { ad | ldap | local | hwtacacs | radius | all } [ username user-name ] [ slot slot-id cpu cpu-id ]

cut access-user access-type { ipsec | l2tp | ppp | ssl-vpn } [ username user-name ] [ slot slot-id cpu cpu-id ]

cut access-user interface interface-type interface-number [ vlan vlan-id ] [ slot slot-id cpu cpu-id ]

cut access-user ip-address ip-address [ vpn-instance vpn-instance-name ] [ slot slot-id cpu cpu-id ]

cut access-user mac-address mac-address [ slot slot-id cpu cpu-id ]

cut access-user username user-name [ slot slot-id cpu cpu-id ]

cut access-user service-scheme service-scheme-name [ slot slot-id cpu cpu-id ]

cut access-user access-slot slot-id [ slot slot-id cpu cpu-id ]

Parameters

Parameter	Description	Value
domain domain-name	Terminates connections in a domain.	The value must be the name of an existing domain.
user-id start-num [ end-num ]	Terminates connections based on the user ID.	The value must be the name of an existing user ID.
authentication-mode { ad \| ldap \| local \| hwtacacs \| radius \| all }	Terminates connections based on the authentication mode.	all: all authentication mode ad: AD authentication mode ldap: LDAP authentication mode local: local authentication mode hwtacacs: HWTACACS authentication mode radius: RADIUS authentication mode
access-type { ipsec \| l2tp \| ppp \| ssl-vpn }	Terminates connections of service user.	ipsec: IPSec user l2tp: L2TP user ppp: PPPoE user ssl-vpn: SSL VPN user
username user-name	Terminates connections based on the user name.	The value must be the name of an existing user.
interface interface-type interface-number	Terminates connections based on the interface. Only Eth-Trunk or GE interfaces can be specified.	-
vlan vlan-id	Terminates connections based on the VLAN ID.	The value is an integer ranging from 1 to 4094.
ip-address ip-address	Terminates connections based on the IP address.	The value of ip-address is in dotted decimal notation.
vpn-instance vpn-instance-name	Indicates the name of the VPN instance that the specified IP address belongs to.	The value must be the name of an existing VPN instance.
mac-address mac-address	Terminates connections based on the MAC address.	The value is in H-H-H format. An H contains four hexadecimal digits.
service-scheme service-scheme-name	Terminates connections based on the service scheme.	The value must be the name of an existing service scheme.
access-slot slot-id	Terminates connections based on the interface card.	-
slot slot-id	Specifies the slot ID of the Service Processing Unit (SPU). Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter.	-
cpu cpu-id	Specifies the CPU ID. Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter.	-

Views

AAA view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Performing some configurations, such as AAA, on the device, requires that no users be online. You can run the cut access-user command to disconnect sessions.

Precautions

The cut access-user command interrupts all services of the user whose session is torn down.
For administrators, lower-level users cannot tear down the connections of higher-level users.
If the character string of the user name contains spaces (for example, a b), you can run the display access-user username "a b" command to view online users.
If the character string of the user name contains spaces and quotation marks ("") simultaneously, you cannot use the user name to view online users. In this case, you can run the display access-user | include username command to view the user ID of the online user, and then run the display access-user user-id user-id command to view the user. Alternatively, you can run the cut access-user user-id user-id command to force the user to go offline.

Example

# Terminate connections based on local user name user0.

<sysname> system-view
[sysname] aaa
[sysname-aaa] cut access-user authentication-mode local username user0