Authorization Lan-Access - H3C S5120-SI Series Command Reference Manual

View
ISP domain view
Default Level
2: System level
Parameters
local: Performs local authorization.
none: Does not perform any authorization. In this case, an authenticated user is automatically
authorized with the corresponding default rights.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1
to 32 characters.
Description
Use the authorization default command to configure the authorization method for all types of users.
Use the undo authorization default command to restore the default.
By default, the authorization method for all types of users is local.
Note that:
The RADIUS scheme specified for the current ISP domain must have been configured.
The authorization method specified with the authorization default command is for all types of
users and has a priority lower than that for a specific access mode.
RADIUS authorization is special in that it takes effect only when the RADIUS authorization scheme
is the same as the RADIUS authentication scheme. If the RADIUS authorization scheme is
different from the RADIUS authentication scheme, RADIUS authorization will fail. In addition, if a
RADIUS authorization fails, the error message returned to the NAS says that the server is not
responding.
Related commands: authentication default, accounting default, radius scheme.
Examples
# Configure the default ISP domain system to use local authorization for all types of users.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] authorization default local
# Configure ISP domain test to use RADIUS authorization scheme rd for all types of users and use
local authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization default radius-scheme rd local

authorization lan-access

Syntax
authorization lan-access { local | none | radius-scheme radius-scheme-name [ local ] }
undo authorization lan-access
1-10