4000 Router Series Security Command Reference

Views

ISP domain view

Predefined user roles

network-admin

Parameters

local: Performs local authorization.

none: Does not perform authorization. An authenticated LAN user directly accesses the network.

radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive string of

1 to 32 characters.

Usage guidelines

The RADIUS authorization configuration takes effect only when authentication and authorization

methods of the ISP domain use the same RADIUS scheme.

You can specify multiple authorization methods, one primary and multiple backup methods. When the

primary method is invalid, the device attempts to use the backup methods in sequence. For example, the

authorization lan-access radius-scheme radius-scheme-name local none command specifies a primary

RADIUS authorization method and two backup authorization methods, local authorization and no

authorization. With this command, the device performs RADIUS authorization by default, performs local

authorization when the RADIUS server is invalid, and does not perform authorization when both of the

previous methods are invalid.

Examples

# Configure ISP domain test to use local authorization for LAN users.

<Sysname> system-view

[Sysname] domain test

[Sysname-isp-test] authorization lan-access local

# Configure ISP domain test to use RADIUS authorization scheme rd for LAN users and use local

authorization as the backup.

<Sysname> system-view

[Sysname] domain test

[Sysname-isp-test] authorization lan-access radius-scheme rd local

Related commands

• authorization default

• local-user

• radius scheme

authorization login

Use authorization login to configure the authorization method for login users.

Use undo authorization login to restore the default.

Syntax

In non-FIPS mode: