authorization when the RADIUS server is invalid, and does not perform authorization when both of the
previous methods are invalid.
Examples
# Configure ISP domain test to use local authorization for LAN users.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization lan-access local
# Configure ISP domain test to use RADIUS authorization scheme rd for LAN users and use local
authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization lan-access radius-scheme rd local
Related commands
authorization default
•
local-user
•
•
radius scheme
authorization login
Use authorization login to configure the authorization method for login users.
Use undo authorization login to restore the default.
Syntax
In non-FIPS mode:
authorization login { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ]
[ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }
undo authorization login
In FIPS mode:
authorization login { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ]
[ local ] | local | radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ]
[ local ] }
undo authorization login
Default
The default authorization method of the ISP domain is used for login users.
Views
ISP domain view
16