MA5200 changes UCL group of users and it is useless for online users. Users are limited by ACL and cannot access network.
1. For the configuration of cyber users, at MA5200F the ACL of scheduled limit access:
acl number 3001 match-order auto
rule 16 net-user deny ip destination 1 time-range wangba
rule 17 user-net deny ip source 1 time-range wangba
time-range wangba 00:00 to 07:00 daily
2. In lical account recover the configuration of ucl－group as default group 0:
[MA5200F-local-aaa-server] batch-user ethernet 2 0 2 domain 163.net ucl-group 0
The user cannot access network from 00:00 to 07:00. Use display access-user and find that the user has accessed network for four~five days. Ucl-group is still denied group1 of ACL. New configuration is useless for users. So users cannot access network in scheduled time.
3. Cut these users with cut command. Re-access network and the problem is solved.
Client wants to cancel the limit of users' access and changes UCL group number, but it is invalid for online users. So canceling the limit fails. Users re-access the network or are offline.
For MA5200F/G, check user online information and find its ucl-group and inter-group. The change of these information cannot automatically upgrades to online users. Only reauthentication and the application can be successful.