[Sysname-domain-test] authentication super hwtacacs-scheme tac
authorization command
Syntax
authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local | none ] | local | none }
undo authorization command
View
ISP domain view
Default level
2: System level
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
local: Performs local authorization.
none: Does not perform any authorization exchange. In this case, an authenticated user can access only
commands of Level 0.
Description
Use the authorization command command to configure the command line authorization method.
Use the undo authorization command command to restore the default.
By default, the default authorization method for the ISP domain is used for command line authorization.
The specified HWTACACS scheme must have been configured.
With command line authorization configured, a user who has logged in to the switch can execute only
the commands with a level lower than or equal to that of the local user.
Related commands: local-user, authorization default, and hwtacacs scheme.
Examples
# Configure ISP domain test to use local command line authorization.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization command local
# Configure ISP domain test to use HWTACACS scheme hwtac for command line authorization and use
local authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization command hwtacacs-scheme hwtac local
authorization default
Syntax
authorization default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none |
radius-scheme radius-scheme-name [ local ] }
11