96
Step Command Remarks
3. Enter Ethernet
interface view.
interface
interface-type
interface-number
N/A
4. Enable an
authentication
trigger.
dot1x
{
multicast-trigger
|
unicast-trigger
}
Required if you want to enable the unicast
trigger.
By default, the multicast trigger is enabled, and
the unicast trigger is disabled.
Specifying a mandatory authentication domain on
a port
You can place all 802.1X users in a mandatory authentication domain for authentication,
authorization, and accounting on a port. No user can use an account in any other domain to access
the network through the port. The implementation of a mandatory authentication domain enhances
the flexibility of 802.1X access control deployment.
To specify a mandatory authentication domain for a port:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter Ethernet interface
view.
interface
interface-type
interface-number
N/A
3. Specify a mandatory 802.1X
authentication domain on the
port.
dot1x mandatory-domain
domain-name
By default, no mandatory 802.1X
authentication domain is
specified.
Configuring the quiet timer
The quiet timer enables the network access device to wait a period of time before it can process any
authentication request from a client that has failed an 802.1X authentication.
You can set the quiet timer to a high value in a vulnerable network or a low value for quicker
authentication response.
To configure the quiet timer:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable the quiet timer.
dot1x quiet-period
By default, the timer is disabled.
3. Set the quiet timer.
dot1x timer quiet-period
quiet-period-value
Optional.
The default setting is 60 seconds.
To Next Page
Loading...
Need help?
General
