Authorization Ike - H3C MSR Series Command Reference Manual

authorization by default and performs local authorization when the RADIUS server is invalid. The
device does not perform authorization when both of the previous methods are invalid.
Examples
# In ISP domain test, use RADIUS scheme rd as the primary default authorization method and use
local authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization default radius-scheme rd local
Related commands
hwtacacs scheme
local-user
radius scheme

authorization ike

Use authorization ike to specify authorization methods for IKE extended authentication.
Use undo authorization ike to restore the default.
Syntax
In non-FIPS mode:
authorization ike { local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] }
undo authorization ike
In FIPS mode:
authorization ike { local | radius-scheme radius-scheme-name [ local ] }
undo authorization ike
Default
The default authorization methods of the ISP domain are used for IKE extended authentication.
Views
ISP domain view
Predefined user roles
network-admin
Parameters
local: Performs local authorization.
none: Does not perform authorization.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive
string of 1 to 32 characters.
Usage guidelines
You can specify one primary authorization method and multiple backup authorization methods.
When the default authorization method is invalid, the device attempts to use the backup
authorization methods in sequence. For example, the authorization ike radius-scheme
radius-scheme-name local none command specifies a primary RADIUS authorization method and
two backup methods (local authorization and no authorization). The device performs RADIUS
authorization by default and performs local authorization when the RADIUS server is invalid. The
device does not perform authorization when both of the previous methods are invalid.
31