11
authentication lan-access
Use authentication lan-access to configure the authentication method for LAN users.
Use undo authentication lan-access to restore the default.
Syntax
In non-FIPS mode:
authentication lan-access { ldap-scheme ldap-scheme-name [ local ] [ none ] | local [ none ] | none |
radius-scheme radius-scheme-name [ local ] [ none ] }
undo authentication lan-access
In FIPS mode:
authentication lan-access { ldap-scheme ldap-scheme-name [ local ] | local | radius-scheme
radius-scheme-name [ local ] }
undo authentication lan-access
Default
The default authentication method for the ISP domain is used for LAN users.
Views
ISP domain view
Predefined user roles
network-admin
Parameters
ldap-scheme ldap-scheme-name: Specifies an LDAP scheme by its name, a case-insensitive string of 1 to
32 characters.
local: Performs local authentication.
none: Does not perform authentication.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive string of
1 to 32 characters.
Usage guidelines
You can specify one primary authentication method and multiple backup authentication methods.
When the primary method is invalid, the device attempts to use the backup methods in sequence. For
example, the authentication lan-access radius-scheme radius-scheme-name local none command
specifies a primary RADIUS authentication method and two backup methods (local authentication and
no authentication). The device performs RADIUS authentication by default and performs local
authentication when the RADIUS server is invalid. The device does not perform authentication when both
of the previous methods are invalid.
Examples
# Configure ISP domain test to use local authentication for LAN users.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authentication lan-access local
To Next Page
Loading...
Need help?
General
