R0106-HP MSR Router Series Security Command Reference(V7)

Views

ISP domain view

Predefined user roles

network-admin

Parameters

hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a

case-insensitive string of 1 to 32 characters.

local: Performs local authorization.

none: Does not perform authorization.

radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive string of

1 to 32 characters.

Usage guidelines

You can specify one primary authorization method and multiple backup authorization methods.

When the primary method is invalid, the device attempts to use the backup methods in sequence. For

example, the authorization ppp radius-scheme radius-scheme-name local none command specifies a

primary RADIUS authorization method and two backup methods (local authorization and no

authorization). The device performs RADIUS authorization by default and performs local authorization

when the RADIUS server is invalid. The device does not perform authorization when both of the previous

methods are invalid.

Examples

# Configure ISP domain test to use local authorization for PPP users.

<Sysname> system-view

[Sysname] domain test

[Sysname-isp-test] authorization ppp local

# Configure ISP domain test to use RADIUS authorization scheme rd for PPP users and use local

authorization as the backup.

<Sysname> system-view

[Sysname] domain test

[Sysname-isp-test] authorization ppp radius-scheme rd local

Related commands

• authorization default

• hwtacacs scheme

• local-user

• radius scheme

authorization-attribute (ISP domain view)

Use authorization-attribute to configure authorization attributes for users in an ISP domain.

Use undo authorization-attribute to restore the default of an authorization attribute.

Syntax

authorization-attribute { idle-cut minute [ flow ] | ip-pool pool-name }