3com S7906E 参照ガイド
1-12
By default, the authorization scheme for all types of users is local.
Note that:
z
The RADIUS or HWTACACS scheme specified for the current ISP domain must have been
configured.
z
The authorization scheme specified with the authorization default command is for all types of
users and has a priority lower than that for a specific access mode.
z
RADIUS authorization is special in that it takes effect only when the RADIUS authorization scheme
is the same as the RADIUS authentication scheme. In addition, if a RADIUS authorization fails, the
error message returned to the NAS says that the server is not responding.
Related commands: authentication default, accounting default, hwtacacs scheme, radius
scheme.
Examples
# Configure the default ISP domain system to use the local authorization scheme for all types of users.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] authorization default local
# Configure the default ISP domain system to use RADIUS authorization scheme rd for all types of
users and to use the local authorization scheme as the backup scheme.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] authorization default radius-scheme rd local
authorization lan-access
Syntax
authorization lan-access { local | none | radius-scheme radius-scheme-name [ local ] }
undo authorization lan-access
View
ISP domain view
Default Level
2: System level
Parameters
local: Performs local authorization.
none: Does not perform any authorization. In this case, an authenticated user is automatically
authorized with the default right.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1
to 32 characters.
Description
Use the authorization lan-access command to specify the authorization scheme for LAN access
users.