Authorization Lan-Access - HP MSR Series Command Reference Manual

Related commands
hwtacacs scheme
•
local-user
•
• radius scheme

authorization lan-access

Use authorization lan-access to configure the authorization method for LAN users.
Use undo authorization lan-access to restore the default.
Syntax
In non-FIPS mode:
authorization lan-access { local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] }
undo authorization lan-access
In FIPS mode:
authorization lan-access { local | radius-scheme radius-scheme-name [ local ] }
undo authorization lan-access
Default
The default authorization method for the ISP domain is used for LAN users.
Views
ISP domain view
Predefined user roles
network-admin
Parameters
local: Performs local authorization.
none: Does not perform authorization. An authenticated LAN user directly accesses the network.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive string of
1 to 32 characters.
Usage guidelines
The RADIUS authorization configuration takes effect only when authentication and authorization
methods of the ISP domain use the same RADIUS scheme.
You can specify one primary authorization method and multiple backup authorization methods.
When the primary method is invalid, the device attempts to use the backup methods in sequence. For
example, the authorization lan-access radius-scheme radius-scheme-name local none command
specifies a primary RADIUS authorization method and two backup methods (local authorization and no
authorization). The device performs RADIUS authorization by default and performs local authorization
when the RADIUS server is invalid. The device does not perform authorization when both of the previous
methods are invalid.
Examples
# Configure ISP domain test to use local authorization for LAN users.
20