undo authorization default
View
ISP domain view
Default level
2: System level
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
local: Performs local authorization.
none: Does not perform any authorization exchange. After passing authentication, non-login users can
access the network, FTP users can access the root directory of the switch, and other login users can
access only the commands of Level 0.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive string of
1 to 32 characters.
Description
Use the authorization default command to configure the default authorization method for an ISP domain.
Use the undo authorization default command to restore the default.
By default, the default authorization method for the ISP domain of an ISP domain is local.
The specified RADIUS or HWTACACS scheme must have been configured.
The default authorization method will be used for all users that support the specified authorization
method and have no specific authorization method are configured.
The RADIUS authorization configuration takes effect only when the authentication method and
authorization method of the ISP domain use the same RADIUS scheme.
Related commands: local-user, hwtacacs scheme, radius scheme.
Examples
# Configure the default authorization method for ISP domain test to use RADIUS authorization scheme rd
and use local authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization default radius-scheme rd local
authorization lan-access
Syntax
authorization lan-access { local | none | radius-scheme radius-scheme-name [ local | none ] }
undo authorization lan-access
View
ISP domain view
Default level
2: System level
12