To do...
Specify the default
authorization scheme for all
types of users
Specify the authorization
scheme for command line
users
Specify the authorization
scheme for LAN access users
Specify the authorization
scheme for login users
Specify the authorization
scheme for Portal access users
Specify the authorization
scheme for PPP users
Specify the authorization
scheme for VoIP users
n
The authorization scheme specified with the authorization default command
■
is for all types of users and has a priority lower than that for a specific access
mode.
RADIUS authorization is special in that it takes effect only when the RADIUS
■
authorization scheme is the same as the RADIUS authentication scheme. In
addition, if a RADIUS authorization fails, the error message returned to the
NAS says that the server is not responding.
With the radius-scheme radius-scheme-name local or hwtacacs-scheme
■
hwtacacs-scheme-name local keyword and argument combination configured,
the local scheme is the backup scheme and is used only when the RADIUS
server or TACACS server is not available.
If the primary authentication scheme is local or none, the system performs
■
local authorization or does not perform any authorization, rather than uses the
RADIUS or HWTACACS scheme.
Authorization information of the RADIUS server is sent to the RADIUS client
■
along with the authorization response message; therefore, you cannot specify
a separate RADIUS server. If you use RADIUS for authorization and
Use the command...
authorization default
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ] }
authorization command
hwtacacs-scheme
hwtacacs-scheme-name
authorization lan-access
{ local | none |
radius-scheme
radius-scheme-name
[ local ] }
authorization login
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ] }
authorization portal { none
| radius-scheme
radius-scheme-name }
authorization ppp
{ hwtacacs-scheme
hwtacacs-scheme-name
[ local ] | local | none |
radius-scheme
radius-scheme-name
[ local ] }
authorization voip
radius-scheme
radius-scheme-name
Configuring AAA
1765
Remarks
Optional
local by default
Optional
The default authorization
scheme is used by default.
Optional
The default authorization
scheme is used by default.
Optional
The default authorization
scheme is used by default.
Optional
The default authorization
scheme is used by default.
Optional
The default authorization
scheme is used by default.
Optional
The default authorization
scheme is used by default.