Guy Fraser wrote: > there. I looked into it briefly for Cisco 5248 and determined > that by setting the interface administratively down would boot > the user, then setting it back to up would allow it to accept > access again. The tricky part was matching the user to the > interface so you would kick the right user.
We have Ciscos here. You don't need to set the int to down. Just clear the tty. You can use bash and expect to write a script. You will need to find which tty to clear first (also doable via bash/expect/grep/awk). If you use tacacs, you can give a special user rights to only do very specific commands which should limit the liability of having the password in the script. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html