hwtacacs scheme
local-user
authorization default
Use authorization default to specify default authorization methods for an ISP domain.
Use undo authorization default to restore the default.
Syntax
In non-FIPS mode:
authorization default { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme
radius-scheme-name ] [ local ] [ none ] | local [ none ] | none | radius-scheme
radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] }
undo authorization default
In FIPS mode:
authorization default { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme
radius-scheme-name ] [ local ] | local | radius-scheme radius-scheme-name [ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] }
undo authorization default
Default
The default authorization method of an ISP domain is local.
Views
ISP domain view
Predefined user roles
network-admin
mdc-admin
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
local: Performs local authorization.
none: Does not perform authorization. The following default authorization information applies after
users pass authentication:
• Non-login users can access the network.
• Login users obtain the level-0 user role. Login users include the Telnet, FTP, SFTP, SCP, and
terminal users. Terminal users can access the device through the console port. For more
information about the level-0 user role, see RBAC configuration in Fundamentals Configuration
Guide.
• The working directory for FTP, SFTP, and SCP login users is the root directory of the NAS.
However, the users do not have permission to access the root directory.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive
string of 1 to 32 characters.
Usage guidelines
The default authorization method is used for all users that support this method and do not have an
authorization method configured.
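The following Python sketch is an added example, not part of the original command reference or any vendor tool. It checks configured authorization default lines against the syntax above (including the FIPS restriction) and flags any chain that contains none. The function names and the sample scheme names rd and tac are assumptions made for illustration.

```python
SCHEMES = ("hwtacacs-scheme", "radius-scheme")
NONE_EFFECT = ("'none' configured: login users get the level-0 user role and "
               "non-login users can access the network without authorization")


def parse_authorization_default(line, fips=False):
    """Return the ordered method chain, e.g. [("radius-scheme", "rd"), ("local", None)].

    Raises ValueError when the line does not match the documented syntax.
    """
    tokens = line.split()
    if tokens[:2] != ["authorization", "default"]:
        raise ValueError("not an 'authorization default' command")
    rest, chain, i = tokens[2:], [], 0
    # Up to two remote schemes, of different types, come first.
    while i < len(rest) and rest[i] in SCHEMES and len(chain) < 2:
        if chain and chain[0][0] == rest[i]:
            raise ValueError("same scheme type given twice")
        if i + 1 >= len(rest) or not 1 <= len(rest[i + 1]) <= 32:
            raise ValueError("scheme name must be 1 to 32 characters")
        chain.append((rest[i], rest[i + 1].lower()))  # names are case-insensitive
        i += 2
    # Then optional 'local', then optional 'none', in that order.
    for keyword in ("local", "none"):
        if i < len(rest) and rest[i] == keyword:
            chain.append((keyword, None))
            i += 1
    if i != len(rest) or not chain:
        raise ValueError("unexpected or missing method")
    if fips and ("none", None) in chain:
        raise ValueError("'none' is not available in FIPS mode")
    return chain


def audit(lines, fips=False):
    """Map each line to a finding: 'ok', NONE_EFFECT, or 'invalid: <reason>'."""
    report = {}
    for line in lines:
        try:
            chain = parse_authorization_default(line, fips)
        except ValueError as exc:
            report[line] = f"invalid: {exc}"
            continue
        report[line] = NONE_EFFECT if ("none", None) in chain else "ok"
    return report


# Constructed sample lines; the scheme names "rd" and "tac" are made up.
SAMPLE = [
    "authorization default radius-scheme rd local",
    "authorization default hwtacacs-scheme tac radius-scheme rd local none",
    "authorization default none local",
]
```
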