authorization-cmd no-response-policy

Function

The authorization-cmd no-response-policy command configures a policy used when the command line-based authorization mode.

The undo authorization-cmd no-response-policy command restores the default setting.

By default, the policy is used to keep the user online though the authorization fails.

Format

authorization-cmd no-response-policy online

authorization-cmd no-response-policy offline

authorization-cmd no-response-policy offline max-times max-times-value

undo authorization-cmd no-response-policy

Parameters

Parameter Description Value
offline

Indicates that the user is offline when the authorization fails.

-
max-times max-times-value

Specifies the number of times of failed authorization.

The number should be an integer within 1 to 10. The default value of times of failed authorization is 5.
online

Indicates that the user is online when the authorization fails.

-

Views

Authorization scheme view

Default Level

3: Management level

Task Name and Operations

Task Name Operations
aaa write

Usage Guidelines

This command is used only when the authorization fails because the TACACS server fails or the local user is not configured. The following cases cannot trigger using the policy:

  • When the TACACS server works normally, the input command fails to pass the authorization.
  • When the TACACS server fails, the command-line based authorization mode is changed to the local authorization mode. The authorization remains failed because the input command level is higher than that configured on the local end.

Example

# Force the user offline after three times of failed authorization.
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] authorization-scheme scheme1
[*HUAWEI-aaa-author-scheme1] authorization-cmd no-response-policy offline max-times 3
Parent Topic: AAA and User Management Configuration Commands (Administrative User)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >