Authorization-Attribute (Isp Domain View) - HP FlexNetwork MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
local: Performs local authorization.
none: Does not perform authorization.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive
string of 1 to 32 characters.
Usage guidelines
You can specify one primary authorization method and multiple backup authorization methods.
When the primary method is invalid, the device attempts to use the backup methods in sequence.
For example, the authorization ppp radius-scheme radius-scheme-name local none command
specifies a primary RADIUS authorization method and two backup methods (local authorization and
no authorization). The device performs RADIUS authorization by default and performs local
authorization when the RADIUS server is invalid. The device does not perform authorization when
both of the previous methods are invalid.
Examples
# In ISP domain test, perform local authorization for PPP users.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization ppp local
# In ISP domain test, perform RADIUS authorization for PPP users based on scheme rd and use
local authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization ppp radius-scheme rd local
Related commands
authorization default
hwtacacs scheme
local-user
radius scheme
authorization-attribute (ISP domain view)
Use authorization-attribute to configure authorization attributes for users in an ISP domain.
Use undo authorization-attribute to restore the default of an authorization attribute.
Syntax
authorization-attribute { acl acl-number | car inbound cir committed-information-rate [ pir
peak-information-rate ] outbound cir committed-information-rate [ pir peak-information-rate ] |
idle-cut minute [ flow ] | igmp max-access-number max-access-number | ip-pool pool-name |
ipv6-pool ipv6-pool-name | ipv6-prefix ipv6-prefix prefix-length | mld max-access-number
max-access-number | { primary-dns | secondary-dns } { ip ipv4-address | ipv6 ipv6-address } |
session-group-profile session-group-profile-name | url url-string | user-group user-group-name |
user-profile profile-name | vpn-instance vpn-instance-name }
undo authorization-attribute { acl | car | idle-cut | igmp | ip-pool | ipv6-pool | ipv6-prefix | mld |
primary-dns | secondary-dns | session-group-profile | url | user-group | user-profile |
vpn-instance }
35
Advertisement
