R3303-HP HSR6800 Routers Security Command Reference
19
authorization lan-access
Use authorization lan-access to configure the authorization method for LAN users.
Use undo authorization lan-access to restore the default.
Syntax
authorization lan-access { local | none | radius-scheme radius-scheme-name [ local | none ] }
undo authorization lan-access
Default
The default authorization method for the ISP domain is used for LAN users.
Views
ISP domain view
Default command level
2: System level
Parameters
local: Performs local authorization.
none: Does not perform any authorization exchange. In this case, an authenticated LAN user can access
the network directly.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive string of
1 to 32 characters.
Usage guidelines
This command is supported only on SAP interface modules that are operating in Layer 2 mode.
The specified RADIUS scheme must have been configured.
The RADIUS authorization configuration takes effect only when the authentication method and
authorization method of the ISP domain use the same RADIUS scheme.
Examples
# Configure ISP domain test to use local authorization for LAN users.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization lan-access local
# Configure ISP domain test to use RADIUS authorization scheme rd for LAN users and use local
authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization lan-access radius-scheme rd local
Related commands
• local-user
• authorization default
• radius scheme