When local command authorization is configured, the device compares each entered command with the
user's configuration on the device. The command is executed only when it is permitted by the user's
authorized user role.
The commands that can be executed are controlled by both the access permission of user roles and
command authorization of the authorization server. Access permission only controls whether the
authorized user roles have access to the entered commands, but it does not control whether the user roles
have obtained authorization to these commands. If a command is permitted by the access permission but
denied by command authorization, this command cannot be executed.
You can specify one primary command authorization method and multiple backup authorization
methods.
When the default authorization method is invalid, the device attempts to use the backup authorization
methods in sequence. For example, the following command specifies the default HWTACACS authorization
method and two backup methods (local authorization and no authorization):
authorization command hwtacacs-scheme hwtacacs-scheme-name local none
The device performs HWTACACS authorization by default and performs local authorization when the
HWTACACS server is invalid. The device does not perform command authorization when both of the
previous methods are invalid.
Examples
# Configure ISP domain test to use local command authorization.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization command local
# Configure ISP domain test to use HWTACACS scheme hwtac for command authorization and use local
authorization as the backup authorization method.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization command hwtacacs-scheme hwtac local
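The following Python script is an added example, not part of the original manual or any vendor tooling. It parses authorization command lines from a saved configuration, models the in-sequence fallback described above, and reports ISP domains whose method chain includes none. The sample configuration, the domain names branch and lab, and all function names are constructed for illustration; it assumes each domain's settings follow its domain line.

```python
# Constructed sample configuration; domains "branch" and "lab" are illustrative.
SAMPLE_CONFIG = """\
domain test
 authorization command hwtacacs-scheme hwtac local
domain branch
 authorization command hwtacacs-scheme hwtac local none
domain lab
 authorization command none
"""
PREFIX = "authorization command "

def parse_methods(args):
    """Turn the arguments of 'authorization command' into an ordered method chain."""
    tokens, methods = args.split(), []
    while tokens:
        tok = tokens.pop(0)
        if tok == "hwtacacs-scheme" and tokens:
            methods.append(("hwtacacs", tokens.pop(0)))  # scheme name follows keyword
        elif tok in ("local", "none"):
            methods.append((tok, None))
        else:
            raise ValueError("unexpected token: " + tok)
    return methods

def parse_domains(config):
    """Map each ISP domain to its command authorization method chain."""
    domains, current = {}, None
    for raw in config.splitlines():
        parts = raw.split()
        if len(parts) == 2 and parts[0] == "domain":
            current = parts[1]
        elif current and raw.strip().startswith(PREFIX):
            domains[current] = parse_methods(raw.strip()[len(PREFIX):])
    return domains

def effective_method(methods, valid):
    """First usable method; 'valid' holds usable kinds, 'none' is always usable."""
    for kind, _ in methods:
        if kind == "none" or kind in valid:
            return kind
    return None  # no listed method is usable (case not described on this page)

def audit(config):
    """Report domains whose chain can end in no command authorization."""
    return [(name, "primary" if chain[0][0] == "none" else "backup")
            for name, chain in parse_domains(config).items()
            if any(kind == "none" for kind, _ in chain)]

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Calling effective_method with an empty valid set on the branch chain shows the case to review: with both HWTACACS and local authorization invalid, the chain falls through to none.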
Related commands
• authorization accounting (Fundamentals Command Reference)
• hwtacacs scheme
• local-user
authorization default
Use authorization default to specify the default authorization method for an ISP domain.
Use undo authorization default to restore the default.
Syntax
In non-FIPS mode:
authorization default { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ]
[ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme
hwtacacs-scheme-name ] [ local ] [ none ] }
undo authorization default
In FIPS mode: