Authorization Sslvpn - H3C MSR Series Command Reference Manual

[Sysname] domain test
[Sysname-isp-test] authorization ppp radius-scheme rd local
Related commands
authorization default
hwtacacs scheme
local-user
radius scheme

authorization sslvpn

Use authorization sslvpn to specify authorization methods for SSL VPN users.
Use undo authorization sslvpn to restore the default.
Syntax
In non-FIPS mode:
authorization sslvpn { ldap-scheme ldap-scheme-name [ local ] [ none ] | local [ none ] | none |
radius-scheme radius-scheme-name [ local ] [ none ] }
undo authorization sslvpn
In FIPS mode:
authorization sslvpn { ldap-scheme ldap-scheme-name [ local ] | local | radius-scheme
radius-scheme-name [ local ] }
undo authorization sslvpn
Default
The default authorization methods of the ISP domain are used for SSL VPN users.
Views
ISP domain view
Predefined user roles
network-admin
Parameters
ldap-scheme ldap-scheme-name: Specifies an LDAP scheme by its name, a case-insensitive string
of 1 to 32 characters.
local: Performs local authorization.
none: Does not perform authorization. Authenticated SSL VPN users can access the network
directly.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive
string of 1 to 32 characters.
Usage guidelines
You can specify one primary authorization method and multiple backup authorization methods.
When the primary method is invalid, the device attempts to use the backup methods in sequence.
For example, the authorization sslvpn radius-scheme radius-scheme-name local none
command specifies a primary RADIUS authorization method and two backup methods (local
authorization and no authorization). The device performs RADIUS authorization by default and
performs local authorization when the RADIUS server is invalid. The device does not perform
authorization when both of the previous methods are invalid.
38