H3C Technologies H3C WX3000E Series Wireless Switches User Manual

52

2.

Determine the access type or service type to be configured. With AAA, you can configure an

authorization scheme for each access type and service type, limiting the authorization protocols
that can be used for access.

3.

Determine whether to configure an authorization method for all access types or service types.

To configure AAA authorization methods for an ISP domain:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter ISP domain view.

domain isp-name

N/A

3.

Specify the default
authorization method for

all types of users.

authorization default { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
ldap-scheme ldap-scheme-name [ local ] |

none | radius-scheme radius-scheme-name

[ local ] }

Optional.
The default setting is local.

4.

Specify the command
authorization method.

authorization command { hwtacacs-scheme
hwtacacs-scheme-name [ local | none ] |

local | none }

Optional.
The default authorization

method is used by default.

5.

Specify the authorization
method for LAN users.

authorization lan-access { local | none |
radius-scheme radius-scheme-name [ local |

none ] }

Optional.
The default authorization

method is used by default.

6.

Specify the authorization
method for login users.

authorization login { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
ldap-scheme ldap-scheme-name [ local ] |

none | radius-scheme radius-scheme-name

[ local ] }

Optional.
The default authorization

method is used by default.

7.

Specify the authorization

method for portal users.

authorization portal { local | none |
radius-scheme radius-scheme-name

[ local ] }

Optional.
The default authorization

method is used by default.

8.

Specify the authorization
method for PPP users.

authorization ppp { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |

none | radius-scheme radius-scheme-name
[ local ] }

Optional.
The default authorization

method is used by default.