F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Command Reference-6PW100
154
Syntax
authorization default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none |
radius-scheme radius-scheme-name [ local ] }
undo authorization default
Default
The default authorization method for the ISP domain of an ISP domain is local.
Views
ISP domain view
Default command level
2: System level
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
local: Performs local authorization.
none: Does not perform any authorization exchange. After passing authentication, non-login users can
access the network, FTP users can access the root directory of the device, and other login users can
access only the commands of Level 0. Support for AUX logins depends on the device model. For more
information, see Getting Started Guide.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive string of
1 to 32 characters.
Usage guidelines
The specified RADIUS or HWTACACS scheme must have been configured.
The default authorization method is used for all users who support the specified authorization method
and have no specific authorization method configured.
The RADIUS authorization configuration takes effect only when the authentication method and
authorization method of the ISP domain use the same RADIUS scheme.
Examples
# Configure the default authorization method for ISP domain test to use RADIUS authorization scheme rd
and use local authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization default radius-scheme rd local
Related commands
• local-user
• hwtacacs scheme
• radius scheme
authorization dvpn
Use authorization dvpn to configure the authorization method for DVPN users.
Use undo authorization dvpn to restore the default.