The local-authorize command specifies the user authorization information to be delivered to an authentication control device.
The undo local-authorize command restores the default user authorization information to be delivered to an authentication control device.
By default, all user authorization information can be delivered to an authentication control device.
local-authorize { none | { acl | car | priority | ucl-group | vlan } * }
undo local-authorize
Parameter |
Description |
Value |
|---|---|---|
acl |
Delivers ACL authorization information. |
- |
car |
Delivers CAR authorization information. |
- |
priority |
Delivers priority authorization information. |
- |
ucl-group |
Delivers UCL group authorization information. NOTE:
When you authorize the ACL or UCL group, configure the corresponding ACL or UCL group on authentication control devices to ensure that the authorization information takes effect on the authentication control devices. |
- |
vlan |
Delivers VLAN authorization information. |
- |
none |
Delivers no authorization information. |
- |
Usage Scenario
To enable an authentication control device to implement specified user access policies, you can run this command to specify user authorization information to be delivered to the authentication control device. By default, all authorization information is delivered to an authentication control device.
Precautions
This command is supported only on authentication control devices.
This command takes effect for all user authorization types, such as local authorization, remote authorization, and RADIUS dynamic authorization.
For VLAN authorization in a policy association scenario, VLAN authorization information must be delivered. You must configure the local-authorize vlan command or do not configure the local-authorize command, that is, use the default settings. By default, all user authorization information can be delivered to an authentication control device.