No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
authorization-scheme (AAA view)

authorization-scheme (AAA view)


The authorization-scheme command creates an authorization scheme and enters the authorization scheme view, or directly enters an existing authorization scheme view.

The undo authorization-scheme command deletes an authorization scheme.

By default, the default authorization scheme is used. This default authorization scheme can be modified but cannot be deleted. In the default authorization scheme, local authorization is used and command line authorization is disabled.


authorization-scheme authorization-scheme-name

undo authorization-scheme authorization-scheme-name






Specifies the name of an authorization scheme.

The value is a string of 1 to 32 case-sensitive characters. It cannot contain spaces or the following symbols: / \ : * ? " < > | @ ' %. The value cannot be - or --.


AAA view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

RADIUS integrates authentication and authorization; therefore, RADIUS authorization and authentication must be used together. HWTACACS separates authentication from authorization; therefore, you can configure another authorization type even if HWTACACS authentication, local authentication, or non-authentication is used. You must run the authorization-scheme command to create an authorization scheme before performing authorization-relevant configurations, for example, setting the authorization mode and command line authorization function.

Follow-up Procedure

After an authorization scheme is created:

  • Run the authorization-mode command to configure an authorization mode in an authorization scheme.
  • Run the authorization-cmd command to configure command line authorization for users at a certain level.

After an authorization scheme is configured, run the authorization-scheme (AAA domain view) command to apply the authorization scheme to a domain.


  • If the configured authorization scheme does not exist, the authorization-scheme (AAA view) command creates an authorization scheme and displays the authorization scheme view.
  • If the configured authorization scheme already exists, the authorization-scheme (AAA view) command directly displays the authorization scheme view.

The system supports a maximum of 16 authorization schemes, including the default authorization scheme.

To delete the authorization scheme applied to a domain, run the undo authorization-scheme (AAA domain view) command.


# Create an authorization scheme named scheme0.

<Huawei> system-view
[Huawei] aaa
[Huawei-aaa] authorization-scheme scheme0

# Enter the default authorization scheme view.

<Huawei> system-view
[Huawei] aaa
[Huawei-aaa] authorization-scheme default
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 202236

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next