H3C s3600 series Command Manual page 522

View
ISP domain view
Parameters
radius-scheme radius-scheme-name: Specifies to use a RADIUS authentication scheme. Here,
radius-scheme-name is a string of up to 32 characters.
hwtacacs-scheme hwtacacs-scheme-name: Specifies to use an HWTACACS authentication scheme.
Here, hwtacacs-scheme-name is a string of up to 32 characters.
local: Specifies to use local authentication scheme.
none: Specifies not to perform authentication.
Description
Use the authentication command to configure an authentication scheme for current ISP domain.
Use the undo authentication command to restore the default authentication scheme setting of current
ISP domain.
By default, no separate authentication scheme is configured for an ISP domain.
Note that:
Before you can use the authentication command to reference a RADIUS scheme in current ISP
domain, the RADIUS scheme must already exist.
If you execute the authentication radius-scheme radius-scheme-name local command, the local
scheme is used as the secondary authentication scheme in case no RADIUS server is available.
That is, if the communication between the switch and a RADIUS server is normal, no local
authentication will be performed; otherwise, local authentication will be performed.
If you execute the authentication hwtacacs-scheme hwtacacs-scheme-name local command,
the local scheme is used as the secondary authentication scheme in case no TACACS server is
available. That is, if the communication between the switch and a TACACS server is normal, no
local authentication will be performed; otherwise, local authentication will be performed.
If you execute the authentication local command, the local scheme is used as the primary
scheme. In this case, there is no secondary authentication scheme.
If you execute the authentication none command, no authentication will be performed.
The authentication command takes precedence over the scheme command. If the
authentication command is configured in an ISP domain view, the system uses the authentication
scheme referenced in the command to authenticate the users in the domain; otherwise it uses the
scheme referenced in the scheme command to authenticate the users.
Related commands: scheme, radius scheme, hwtacacs scheme.
Examples
# Reference the RADIUS scheme "radius1" as the authentication scheme of the ISP domain
aabbcc.net.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] domain aabbcc.net
New Domain added.
[Sysname-isp-aabbcc.net] authentication radius-scheme radius1
1-5