Authorization Lan-Access - H3C S7500E Series Command Manual

Command Manual – AAA RADIUS HWTACACS
H3C S7500E Series Ethernet Switches
Description
Use the authorization default command to specify the authorization scheme for all
types of users.
Use the undo authorization default command to restore the default.
By default, the authorization scheme for all types of users is local.
Note that:
The RADIUS or HWTACACS scheme specified for the current ISP domain must
have been configured.
The authorization scheme specified with the authorization default command is
for all types of users and has a priority lower than that for a specific access mode.
RADIUS authorization is special in that it takes effect only when the RADIUS
authorization scheme is the same as the RADIUS authentication scheme. In
addition, if a RADIUS authorization fails, the error message returned to the NAS
says that the server is not responding.
Related commands: authentication default, accounting default, hwtacacs scheme,
radius scheme.
Examples
# Configure the default ISP domain system to use the local authorization scheme for all
types of users.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] authorization default local
# Configure the default ISP domain system to use RADIUS authorization scheme rd
for all types of users and to use the local authorization scheme as the backup scheme.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] authorization default radius-scheme rd local

1.1.14 authorization lan-access

Syntax
authorization lan-access { local | none | radius-scheme radius-scheme-name
[ local ] }
undo authorization lan-access
View
ISP domain view
Chapter 1 AAA/RADIUS/HWTACACS
1-13
Configuration Commands