• If a RADIUS scheme is specified, the device uses the username $enabn$ on the RADIUS server for
role switching authentication, where n is the same as that in the target user role. For example, to
switch to a level-3 user role whose username is test, the device uses $enab3@domain-name$ or
$enab3$ for role switching authentication, depending on whether the domain name is required.
Examples
# Configure ISP domain test to use HWTACACS scheme tac for user role switching authentication.
<Sysname> system-view
[Sysname] super authentication-mode scheme
[Sysname] domain test
[Sysname-domain-test] authentication super hwtacacs-scheme tac
Related commands
• authentication default
• hwtacacs scheme
• radius scheme
authorization command
Use authorization command to specify the command authorization method.
Use undo authorization command to restore the default.
Syntax
In non-FIPS mode:
authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] [ none ] | local [ none ] |
none }
undo authorization command
In FIPS mode:
authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local }
undo authorization command
Default
The default authorization method of the ISP domain is used for command authorization.
Views
ISP domain view
Predefined user roles
network-admin
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
local: Performs local authorization.
12
To Next Page
Loading...
Need help?
General
