3com S7906E Guide De Référence

 

1-12 

By default, the authorization scheme for all types of users is local. 

Note that: 

z 

The RADIUS or HWTACACS scheme specified for the current ISP domain must have been 

configured. 

z 

The authorization scheme specified with the authorization default command is for all types of 

users and has a priority lower than that for a specific access mode. 

z 

RADIUS authorization is special in that it takes effect only when the RADIUS authorization scheme 

is the same as the RADIUS authentication scheme. In addition, if a RADIUS authorization fails, the 

error message returned to the NAS says that the server is not responding. 

Related commands: authentication default,  accounting default,  hwtacacs scheme,  radius 

scheme. 

# Configure the default ISP domain system to use the local authorization scheme for all types of users. 

<Sysname> system-view 

[Sysname] domain system 

[Sysname-isp-system] authorization default local 

# Configure the default ISP domain system to use RADIUS authorization scheme rd for all types of 

users and to use the local authorization scheme as the backup scheme.  

<Sysname> system-view 

[Sysname] domain system 

[Sysname-isp-system] authorization default radius-scheme rd local 

authorization lan-access { local | none | radius-scheme radius-scheme-name [ local ] } 

ISP domain view 

2: System level 

local: Performs local authorization. 

none: Does not perform any authorization. In this case, an authenticated user is automatically 

authorized with the default right. 

radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1 

to 32 characters. 

Use the authorization lan-access command to specify the authorization scheme for LAN access 

users.