3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
218 CHAPTER 15: AAA/RADIUS/HWTACACS CONFIGURATION COMMANDS
If you configure the authentication command in domain view, the authentication
scheme specified by this command will be adopted. Otherwise, the authentication
scheme specified by the scheme command is adopted.
When the authentication radius-scheme radius-scheme-name local command
or the authentication hwtacacs-scheme hwtacacs-scheme-name local
command is configured, the local authentication scheme applies as a backup
scheme in case the RADIUS or TACACS server is not available. If the RADIUS or
TACACS server is available, local authentication is not used.
If the local or none scheme applies as the first scheme, no RADIUS or HWTACACS
scheme can be adopted.
If you configure the authentication command in domain view, the authentication
scheme specified by this command will be adopted. Otherwise, the authentication
scheme specified by the scheme command is adopted.
Related command: scheme, radius scheme, hwtacacs scheme.
Example
# Specify the current ISP domain, h3c163.net, to adopt the RADIUS authentication
scheme radius.
[SecBlade_FW-h3c163.net] authentication radius-scheme radius
# Specify the ISP domain, h3c, to adopt the RADIUS authentication scheme rd and
the local scheme to be the backup scheme.
[SecBlade_FW-isp-h3c] authentication radius-scheme rd local
# Specify the ISP domain, h3c, to adopt the HWTACACS authentication scheme
hwtac and the local scheme to be the backup scheme.
[SecBlade_FW-isp-h3c] authentication hwtacacs-scheme hwtac local
authorization Syntax
authorization { hwtacacs-scheme hwtacacs-scheme-name | none }
undo authorization
View
ISP domain view
Parameter
hwtacacs-scheme hwtacacs-scheme-name: Specifies the HWTACACS scheme
adopted for authorization.
none: Indicates that no authorization scheme is adopted.
Description
Use the authorization command to configure the authorization scheme adopted
by the current ISP domain.