Filter
Top Products
1927
■ The authorization scheme specified with the authorization default command
is for all types of users and has a priority lower than that for a specific access
mode.
■ RADIUS authorization is special in that it takes effect only when the RADIUS
authorization scheme is the same as the RADIUS authentication scheme. In
addition, if a RADIUS authorization fails, the error message returned to the
NAS says that the server is not responding.
Related command: authentication default, accounting default, hwtacacs scheme, radius
scheme.
Example # Configure the default ISP domain system to use the local authorization scheme
for all types of users.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] authorization default local
# Configure the default ISP domain system to use RADIUS authorization scheme
rd for all types of users and to use the local authorization scheme as the backup
scheme.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] authorization default radius-scheme rd local
authorization lan-access
Syntax authorization lan-access { local | none | radius-scheme radius-scheme-name
[ local ]}
undo authorization lan-access
View ISP domain view
Parameter local: Performs local authorization.
none: Does not perform any authorization. In this case, an authenticated user is
automatically authorized with the default right.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name,
which is a string of 1 to 32 characters.
Description Use the
authorization lan-access command to specify the authorization
scheme for LAN access users.
Use the
undo authorization lan-access command to restore the default.
By default, the default authorization scheme is used for LAN access users.