Authorization Command - H3C MSR Series Command Reference Manual

Parameters
local: Performs local authorization.
none: Does not perform authorization.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive
string of 1 to 32 characters.
Usage guidelines
The RADIUS authorization configuration takes effect only when authentication and authorization
methods of the ISP domain use the same RADIUS scheme.
You can specify one primary authorization method and multiple backup authorization methods.
When the primary method is invalid, the device attempts to use the backup methods in sequence.
For example, the authorization advpn radius-scheme radius-scheme-name local none command
specifies a primary RADIUS authorization method and two backup methods (local authorization and
no authorization). The device performs RADIUS authorization by default and performs local
authorization when the RADIUS server is invalid. The device does not perform authorization when
both of the previous methods are invalid.
Examples
# In ISP domain test, perform local authorization for ADVPN users.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization advpn local
# In ISP domain test, perform RADIUS authorization for ADVPN users based on scheme rd and use
local authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization advpn radius-scheme rd local
Related commands
authorization default
local-user
radius scheme

authorization command

Use authorization command to specify command authorization methods.
Use undo authorization command to restore the default.
Syntax
In non-FIPS mode:
authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] [ none ] | local
[ none ] | none }
undo authorization command
In FIPS mode:
authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local }
undo authorization command
Default
The default authorization methods of the ISP domain are used for command authorization.
28