R0106-HP MSR Router Series Security Command Reference(V7)

Views

ISP domain view

Predefined user roles

network-admin

Parameters

hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a

case-insensitive string of 1 to 32 characters.

ldap-scheme ldap-scheme-name: Specifies an LDAP scheme by its name, a case-insensitive string of 1 to

32 characters.

local: Performs local authentication.

none: Does not perform authentication.

radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive string of

1 to 32 characters.

Usage guidelines

The default authentication method is used for all users who support this method and do not have an

authentication method configured.

You can specify one primary default authentication method and multiple backup default authentication

methods.

When the primary method is invalid, the device attempts to use the backup methods in sequence. For

example, the authentication default radius-scheme radius-scheme-name local none command specifies

a primary default RADIUS authentication method and two backup methods (local authentication and no

authentication). The device performs RADIUS authentication by default and performs local

authentication when the RADIUS server is invalid. The device does not perform authentication when both

of the previous methods are invalid.

Examples

# Configure the default authentication method for ISP domain test to use RADIUS scheme rd and use

local authentication as the backup.

<Sysname> system-view

[Sysname] domain test

[Sysname-isp-test] authentication default radius-scheme rd local

Related commands

• hwtacacs scheme

• ldap scheme

• local-user

• radius scheme

authentication lan-access

Use authentication lan-access to configure the authentication method for LAN users.

Use undo authentication lan-access to restore the default.

Syntax

In non-FIPS mode: