R21xx-HP FlexFabric 11900 Security Command Reference
12
[Sysname] domain test
[Sysname-isp-test] authorization default radius-scheme rd local
Related commands
• hwtacacs scheme
• local-user
• radius scheme
authorization login
Use authorization login to configure the authorization method for login users.
Use undo authorization login to restore the default.
Syntax
In non-FIPS mode:
authorization login { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ]
[ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }
undo authorization login
In FIPS mode:
authorization login { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ]
[ local ] | local | radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ]
[ local ] }
undo authorization login
Default
The default authorization method of the ISP domain is used for login users.
Views
ISP domain view
Predefined user roles
network-admin
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
local: Performs local authorization.
none: Does not perform authorization. After passing authentication, FTP users can access the root
directory of the device, and other login users get the default user role. For more information about the
default user role, see Fundamentals Configuration Guide.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive string of
1 to 32 characters.
Usage guidelines
The RADIUS authorization configuration takes effect only when the authentication method and
authorization method of the ISP domain use the same RADIUS scheme.