HP FlexNetwork MSR Series Command Reference Manual page 49

Syntax
In non-FIPS mode:
authorization lan-access { local [ none ] | none | radius-scheme radius-scheme-name [ local ]
[ none ] }
undo authorization lan-access
In FIPS mode:
authorization lan-access { local | radius-scheme radius-scheme-name [ local ] }
undo authorization lan-access
Default
The default authorization method for the ISP domain is used for LAN users.
Views
ISP domain view
Predefined user roles
network-admin
Parameters
local: Performs local authorization.
none: Does not perform authorization. An authenticated LAN user directly accesses the network.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive
string of 1 to 32 characters.
Usage guidelines
The RADIUS authorization configuration takes effect only when authentication and authorization
methods of the ISP domain use the same RADIUS scheme.
You can specify one primary authorization method and multiple backup authorization methods.
When the primary method is invalid, the device attempts to use the backup methods in sequence.
For example, the authorization lan-access radius-scheme radius-scheme-name local none
command specifies a primary RADIUS authorization method and two backup methods (local
authorization and no authorization). The device performs RADIUS authorization by default and
performs local authorization when the RADIUS server is invalid. The device does not perform
authorization when both of the previous methods are invalid.
Examples
# In ISP domain test, perform local authorization for LAN users.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization lan-access local
# In ISP domain test, perform RADIUS authorization for LAN users based on scheme rd and use
local authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization lan-access radius-scheme rd local
Related commands
authorization default
local-user
radius scheme
31