Manualshelf

R3166-R3206-HP High-End Firewalls Access Control Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
71727374757677787980
66
The specified HWTACACS scheme must have been configured.
With command line authorization configured, a user who has logged in to the device can execute only
the commands with a level lower than or equal to that of the local user.
Related commands: local-user, authorization default, and hwtacacs scheme.
Examples
# Configure ISP domain test to use local command line authorization.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization command local
# Configure ISP domain test to use HWTACACS scheme hwtac for command line authorization and use
local authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization command hwtacacs-scheme hwtac local
authorization default
Syntax
authorization default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none |
radius-scheme radius-scheme-name [ local ] }
undo authorization default
View
ISP domain view
Default level
2: System level
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, which is a
case-insensitive string of 1 to 32 characters.
local: Performs local authorization.
none: Does not perform any authorization exchange. After passing authentication, non-login users can
access the network, FTP users can access the root directory of the device, and other login users can
access only the commands of Level 0.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, which is a case-insensitive
string of 1 to 32 characters.
Description
Use the authorization default command to configure the default authorization method for an ISP domain.
Use the undo authorization default command to restore the default.
By default, the default authorization method for the ISP domain of an ISP domain is local.
The specified RADIUS or HWTACACS scheme must have been configured.
The default authorization method will be used for all users that support the specified authorization
method and have no specific authorization method are configured.