authentication event action authorize

Function

The authentication event action authorize command configures authentication event authorization information.

The undo authentication event action authorize command restores the default setting.

By default, authentication event authorization information is not configured.

Format

authentication event authen-server-down action authorize service-scheme service-scheme-name [ response-fail ]

undo authentication event authen-server-down action authorize

Parameters

Parameter	Description	Value
authen-server-down	Configures the device to assign network access rights to users when the authentication server is Down.	-
response-fail	Configures the device to send authentication failure packets to users after assigning network access rights to the users. If this parameter is not specified, the device by default sends authentication success packets to users and therefore the users cannot know the fact that they fail to be authenticated. To solve this problem, specify this parameter so that the device will send authentication failure packets for the users to know their authentication results.	-
service-scheme service-scheme-name	Specifies the name of the service scheme based on which network access rights are assigned to users.	The value must be an existing service scheme name on the device.

Parameter

Description

Value

authen-server-down

Configures the device to assign network access rights to users when the authentication server is Down.

response-fail

Configures the device to send authentication failure packets to users after assigning network access rights to the users.

If this parameter is not specified, the device by default sends authentication success packets to users and therefore the users cannot know the fact that they fail to be authenticated. To solve this problem, specify this parameter so that the device will send authentication failure packets for the users to know their authentication results.

service-scheme service-scheme-name

Specifies the name of the service scheme based on which network access rights are assigned to users.

The value must be an existing service scheme name on the device.

Views

Authentication profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To improve network reliability and meet users' basic network access requirements when the RADIUS server is Down, you can configure the RADIUS server escape function on the device.

Precautions

Wireless 802.1X authentication does not support this function.

This function takes effect only for users who go online after this function is successfully configured.

Authenticationevent authorization information cannot be configured for static usersidentified by IP addresses.

Example

# In the authentication profile authen1, configure the device to assign network access rights to users based on the service scheme s1 when the authentication server is Down.

<sysname> system-view
[sysname] aaa
[sysname-aaa] service-scheme s1
[sysname-aaa-service-s1] quit
[sysname] authentication-profile name authen1
[sysname-authentication-profile-authen1] authentication event authen-server-down action authorize service-scheme s1