3Com S7902E Command Reference Manual - page 1753
1-12
By default, the authorization scheme for all types of users is
local
.
Note that:
z
The RADIUS or HWTACACS scheme specified for the current ISP domain must have been
configured.
z
The authorization scheme specified with the
authorization default
command is for all types of
users and has a priority lower than that for a specific access mode.
z
RADIUS authorization is special in that it takes effect only when the RADIUS authorization scheme
is the same as the RADIUS authentication scheme. In addition, if a RADIUS authorization fails, the
error message returned to the NAS says that the server is not responding.
Related commands:
authentication default
,
accounting default
,
hwtacacs scheme
,
radius
scheme
.
Examples
# Configure the default ISP domain
system
to use the local authorization scheme for all types of users.
[Sysname] domain system
[Sysname-isp-system] authorization default local
# Configure the default ISP domain
system
to use RADIUS authorization scheme
rd
for all types of
users and to use the local authorization scheme as the backup scheme.
[Sysname] domain system
[Sysname-isp-system] authorization default radius-scheme rd local
authorization lan-access
Syntax
authorization lan-access
{
local
|
none
|
radius-scheme
radius-scheme-name
[
local
] }
undo authorization lan-access
View
ISP domain view
Default Level
2: System level
Parameters
local
: Performs local authorization.
none
: Does not perform any authorization. In this case, an authenticated user is automatically
authorized with the default right.
radius-scheme radius-scheme-name
: Specifies a RADIUS scheme by its name, which is a string of 1
to 32 characters.
Description
Use the
authorization lan-access
command to specify the authorization scheme for LAN access
users.