3com MSR 20-20 참조 매뉴얼
1927
■
The authorization scheme specified with the authorization default command
is for all types of users and has a priority lower than that for a specific access
mode.
is for all types of users and has a priority lower than that for a specific access
mode.
■
RADIUS authorization is special in that it takes effect only when the RADIUS
authorization scheme is the same as the RADIUS authentication scheme. In
addition, if a RADIUS authorization fails, the error message returned to the
NAS says that the server is not responding.
authorization scheme is the same as the RADIUS authentication scheme. In
addition, if a RADIUS authorization fails, the error message returned to the
NAS says that the server is not responding.
Related command:
Example
# Configure the default ISP domain system to use the local authorization scheme
for all types of users.
for all types of users.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] authorization default local
# Configure the default ISP domain system to use RADIUS authorization scheme
rd for all types of users and to use the local authorization scheme as the backup
scheme.
rd for all types of users and to use the local authorization scheme as the backup
scheme.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] authorization default radius-scheme rd local
authorization lan-access
Syntax
authorization lan-access { local | none | radius-scheme radius-scheme-name
[ local ] }
[ local ] }
undo authorization lan-access
View
ISP domain view
Parameter
local: Performs local authorization.
none: Does not perform any authorization. In this case, an authenticated user is
automatically authorized with the default right.
automatically authorized with the default right.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name,
which is a string of 1 to 32 characters.
which is a string of 1 to 32 characters.
Description
Use the authorization lan-access command to specify the authorization
scheme for LAN access users.
scheme for LAN access users.
Use the undo authorization lan-access command to restore the default.
By default, the default authorization scheme is used for LAN access users.