R3303-HP HSR6800 Routers Security Configuration Guide
• You can configure local authorization (local) or no authorization (none) as the backup for remote
authorization that is used when the remote authorization server is unavailable.
• Local authorization (local) and no authorization (none) cannot have a backup method.
Configuration procedure
To configure authorization methods for an ISP domain:
Step, Command, Remarks:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter ISP domain view.
   Command: domain isp-name
   Remarks: N/A

3. Specify the default authorization method for all types of users.
   Command: authorization default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
   Remarks: Optional. The default authorization method is local for all types of users.

4. Specify the command authorization method.
   Command: authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local | none ] | local | none }
   Remarks: Optional. The default authorization method is used by default.

5. Specify the authorization method for DVPN users.
   Command: authorization dvpn { local | none | radius-scheme radius-scheme-name [ local ] }
   Remarks: Optional. The default authorization method is used by default.

6. Specify the authorization method for LAN users.
   Command: authorization lan-access { local | none | radius-scheme radius-scheme-name [ local | none ] }
   Remarks: Optional. The default authorization method is used by default. This command is supported only on SAP interface modules that are operating in Layer 2 mode.

7. Specify the authorization method for login users.
   Command: authorization login { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
   Remarks: Optional. The default authorization method is used by default.

8. Specify the authorization method for portal users.
   Command: authorization portal { local | none | radius-scheme radius-scheme-name [ local ] }
   Remarks: Optional. The default authorization method is used by default.

9. Specify the authorization method for PPP users.
   Command: authorization ppp { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
   Remarks: Optional. The default authorization method is used by default.
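
An added example, not part of the HP guide: a Python audit that reads a saved configuration, checks each ISP domain's authorization lines against the command syntax in the procedure above, and reports where the primary or backup method is none or where a remote scheme has no backup. The sample configuration, the names corp, tac1 and rad1, the finding labels, and the one-space indentation of commands under "domain" are assumptions.

```python
# Grammar from the procedure above: per service, remote scheme keyword -> allowed backups.
BOTH = {"hwtacacs-scheme": {"local"}, "radius-scheme": {"local"}}
RADIUS = {"radius-scheme": {"local"}}
REMOTE_BACKUPS = {
    "default": BOTH, "login": BOTH, "ppp": BOTH, "dvpn": RADIUS, "portal": RADIUS,
    "command": {"hwtacacs-scheme": {"local", "none"}},
    "lan-access": {"radius-scheme": {"local", "none"}},
}

def check(service, method):
    """Classify the method words of one authorization line; None means nothing to report."""
    remote = REMOTE_BACKUPS.get(service)
    if remote is None or not method:
        return "invalid: unknown service or missing method"
    primary, rest = method[0], method[1:]
    if primary in ("local", "none"):  # accepted by every service, never with a backup
        if rest:
            return "invalid: local/none cannot have a backup method"
        return "no-authorization: primary method is none" if primary == "none" else None
    if primary not in remote or len(rest) not in (1, 2):
        return "invalid: scheme type or argument count not accepted for this service"
    if len(rest) == 1:
        return "no-backup: no method configured for when the server is unavailable"
    if rest[1] not in remote[primary]:
        return "invalid: backup method not accepted for this service"
    return "fail-open: backup method is none" if rest[1] == "none" else None

def audit(config_text):
    """Return (domain, service, finding) for authorization lines inside ISP domain views."""
    findings, domain = [], None
    for raw in config_text.splitlines():
        words = raw.split()
        if raw.startswith("domain ") and len(words) == 2:
            domain = words[1]
        elif not raw.startswith(" "):
            domain = None  # "#" or any other top-level line closes the domain view
        elif domain and len(words) > 1 and words[0] == "authorization":
            findings += [(domain, words[1], f) for f in [check(words[1], words[2:])] if f]
    return findings

# Constructed sample; names and the one-space indentation under "domain" are assumptions.
SAMPLE = """domain corp
 authorization login hwtacacs-scheme tac1 local
 authorization command hwtacacs-scheme tac1 none
 authorization portal radius-scheme rad1
 authorization ppp none
 authorization dvpn radius-scheme rad1 none
"""
print(*audit(SAMPLE), sep="\n")  # one (domain, service, finding) tuple per line
```
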
Configuring accounting methods for an ISP domain
In AAA, accounting is a separate process at the same level as authentication and authorization. This
process sends accounting start/update/end requests to the specified accounting server. Accounting is
optional.
AAA supports the following accounting methods:
• No accounting (none)—The NAS does not perform accounting for the users.