3Com MSR 50, MSR 30 manual Authorization lan-access, 1927

1927

■The authorization scheme specified with the authorization default command is for all types of users and has a priority lower than that for a specific access mode.

■RADIUS authorization is special in that it takes effect only when the RADIUS authorization scheme is the same as the RADIUS authentication scheme. In addition, if a RADIUS authorization fails, the error message returned to the NAS says that the server is not responding.

Related command: authentication default, accounting default, hwtacacs scheme, radius scheme.

Example # Configure the default ISP domain system to use the local authorization scheme for all types of users.

<Sysname> system-view

[Sysname] domain system

[Sysname-isp-system] authorization default local

#Configure the default ISP domain system to use RADIUS authorization scheme rd for all types of users and to use the local authorization scheme as the backup scheme.

<Sysname> system-view

[Sysname] domain system

[Sysname-isp-system] authorization default radius-scheme rd local

authorization lan-access

Syntax authorization lan-access { local none radius-scheme radius-scheme-name[ local ] }

undo authorization lan-access

View ISP domain view

Parameter local: Performs local authorization.

none: Does not perform any authorization. In this case, an authenticated user is automatically authorized with the default right.

radius-schemeradius-scheme-name: Specifies a RADIUS scheme by its name, which is a string of 1 to 32 characters.

Description Use the authorization lan-accesscommand to specify the authorization scheme for LAN access users.

Use the undo authorization lan-accesscommand to restore the default.

By default, the default authorization scheme is used for LAN access users.