H3C Technologies H3C SecPath F1000-E User Manual

213

•

If you specify the radius-scheme radius-scheme-name local or hwtacacs-scheme

hwtacacs-scheme-name [ local | none ] option when you configure an authorization method, local
authorization or no authorization is the backup method and is used only when the remote server is

not available.

•

If you specify only the local or none keyword in an authorization method configuration command,
the firewall has no backup authorization method and performs only local authorization or does not

perform any authorization.

To configure AAA authorization methods for an ISP domain:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter ISP domain view.

domain isp-name

N/A

3.

Specify the default
authorization method for

all types of users.

authorization default { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |

none | radius-scheme radius-scheme-name

[ local ] }

Optional.
The default authorization

method is local for all types of

users.

4.

Specify the command
authorization method.

authorization command { hwtacacs-scheme
hwtacacs-scheme-name [ local | none ] |

local | none }

Optional.
The default authorization

method is used by default.

5.

Specify the authorization
method for DVPN users.

authorization dvpn { local | none |
radius-scheme radius-scheme-name

[ local ] }

Optional.
The default authorization

method is used by default.

6.

Specify the authorization
method for login users.

authorization login { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |
none | radius-scheme radius-scheme-name

[ local ] }

Optional.
The default authorization
method is used by default.

7.

Specify the authorization

method for portal users.

authorization portal { local | none |
radius-scheme radius-scheme-name
[ local ] }

Optional.
The default authorization
method is used by default.

8.

Specify the authorization
method for PPP users.

authorization ppp { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local |

none | radius-scheme radius-scheme-name

[ local ] }

Optional.
The default authorization

method is used by default.

9.

Specify the authorization
method for SSL VPN

users.

authorization ssl-vpn radius-scheme

radius-scheme-name

Optional.
The default authorization

method is used by default.

Configuring AAA accounting methods for an ISP domain

In AAA, accounting is a separate process at the same level as authentication and authorization. This

process sends accounting start/update/end requests to the specified accounting server. Accounting is
optional.
AAA supports the following accounting methods:

•

No accounting (none)—The system does not perform accounting for the users.