beautypg.com

H3C Technologies H3C S7500E Series Switches User Manual

Page 59

background image

2-30

response after successful authentication. You can configure local authorization as the backup

method to be used when the remote server is not available.

Before configuring authorization methods, complete these three tasks:

1) For HWTACACS authorization, configure the HWTACACS scheme to be referenced first. For

RADIUS authorization, the RADIUS authorization scheme must be the same as the RADIUS

authentication scheme; otherwise, it does not take effect.

2) Determine the access mode or service type to be configured. With AAA, you can configure an

authorization scheme specifically for each access mode and service type, limiting the

authorization protocols that can be used for access.

3) Determine whether to configure an authorization method for all access modes or service types.

Follow these steps to configure AAA authorization methods for an ISP domain:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter ISP domain view

domain isp-name

Specify the default

authorization method for all

types of users

authorization default { hwtacacs-scheme

hwtacacs-scheme-name [ local ] | local |

none | radius-scheme

radius-scheme-name [ local ] }

Optional

local by default

Specify the command

authorization method

authorization command

{ hwtacacs-scheme

hwtacacs-scheme-name [ local | none ] |

local | none }

Optional

The default authorization

method is used by default.

Specify the authorization

method for LAN users

authorization lan-access { local | none |

radius-scheme radius-scheme-name

[ local ] }

Optional

The default authorization

method is used by default.

Specify the authorization

method for login users

authorization login { hwtacacs-scheme

hwtacacs-scheme-name [ local ] | local |

none | radius-scheme

radius-scheme-name [ local ] }

Optional

The default authorization

method is used by default.

Specify the authorization

method for portal users

authorization portal { local | none |

radius-scheme radius-scheme-name

[ local ] }

Optional

The default authorization

method is used by default.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: