3com MSR 20-20 참조 매뉴얼

■

The authorization scheme specified with the authorization default command 
is for all types of users and has a priority lower than that for a specific access 
mode.

■

RADIUS authorization is special in that it takes effect only when the RADIUS 
authorization scheme is the same as the RADIUS authentication scheme. In 
addition, if a RADIUS authorization fails, the error message returned to the 
NAS says that the server is not responding.

authentication default, accounting default, hwtacacs scheme, radius 
scheme.

# Configure the default ISP domain system to use the local authorization scheme 
for all types of users.

<Sysname> system-view

[Sysname] domain system

[Sysname-isp-system] authorization default local 

# Configure the default ISP domain system to use RADIUS authorization scheme 
rd for all types of users and to use the local authorization scheme as the backup 
scheme.

<Sysname> system-view

[Sysname] domain system

[Sysname-isp-system] authorization default radius-scheme rd local 

authorization lan-access { local | none | radius-scheme radius-scheme-name 
[ local ] }

ISP domain view

local: Performs local authorization.

none: Does not perform any authorization. In this case, an authenticated user is 
automatically authorized with the default right.

radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, 
which is a string of 1 to 32 characters.

Use the authorization lan-access command to specify the authorization 
scheme for LAN access users.

Use the undo authorization lan-access command to restore the default.

By default, the default authorization scheme is used for LAN access users.