Configuration guidelines, Configuration procedure – H3C Technologies H3C S12500-X Series Switches User Manual

Configuration guidelines

Follow these guidelines when you configure the authentication trigger function:

Enable the multicast trigger on a port when the clients attached to the port cannot send EAPOL-Start
packets to initiate 802.1X authentication.

Enable the unicast trigger on a port if only a few 802.1X clients are attached to the port and these
clients cannot initiate authentication.

To avoid duplicate authentication packets, do not enable both triggers on a port.

Configuration procedure

To configure the authentication trigger function on a port:

Step                                                    Command                                        Remarks
1. Enter system view.                                   system-view                                    N/A
2. (Optional.) Set the username request timeout timer.  dot1x timer tx-period tx-period-value          The default is 30 seconds.
3. Enter Ethernet interface view.                       interface interface-type interface-number      N/A
4. Enable an authentication trigger.                    dot1x { multicast-trigger | unicast-trigger }  By default, the multicast trigger is enabled, and the unicast trigger is disabled.

Specifying a mandatory authentication domain on a port

You can place all 802.1X users in a mandatory authentication domain for authentication, authorization, and accounting on a port. No user can use an account in any other domain to access the network through the port. The implementation of a mandatory authentication domain enhances the flexibility of 802.1X access control deployment.

To specify a mandatory authentication domain for a port:

Step                                                              Command                                    Remarks
1. Enter system view.                                             system-view                                N/A
2. Enter Ethernet interface view.                                 interface interface-type interface-number  N/A
3. Specify a mandatory 802.1X authentication domain on the port.  dot1x mandatory-domain domain-name         By default, no mandatory 802.1X authentication domain is specified.
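
The following audit script is an added example, not part of the H3C manual. It checks a saved configuration against the trigger guideline above (do not enable both triggers on a port) and reports ports with no mandatory domain. The interface names, the domain name corp, and the sample text are constructed; it assumes the configuration lists only non-default settings, with "undo dot1x multicast-trigger" marking a disabled multicast trigger.

```python
# Constructed sample in the style of "display current-configuration" output.
# Assumption: only non-default settings are listed, so a port whose multicast
# trigger was turned off carries "undo dot1x multicast-trigger".
SAMPLE_CONFIG = """\
interface Ten-GigabitEthernet1/0/1
 dot1x
 dot1x unicast-trigger
#
interface Ten-GigabitEthernet1/0/2
 dot1x
 undo dot1x multicast-trigger
 dot1x unicast-trigger
 dot1x mandatory-domain corp
#
interface Ten-GigabitEthernet1/0/3
 dot1x
 dot1x mandatory-domain corp
#
interface Ten-GigabitEthernet1/0/4
 description uplink
"""

def parse_interfaces(config):
    """Return {interface name: [command lines]} for each interface block."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1], [])
        elif line.startswith(" ") and line.strip() and current is not None:
            current.append(line.strip())
        else:
            current = None  # "#" separator or any other top-level line
    return ports

def audit_dot1x(config):
    """Return {interface: [findings]} for ports that carry 802.1X settings."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(c.split()[0] == "dot1x" or c.startswith("undo dot1x ") for c in cmds):
            continue  # no 802.1X configuration on this port
        findings = []
        multicast = "undo dot1x multicast-trigger" not in cmds  # default: enabled
        unicast = "dot1x unicast-trigger" in cmds               # default: disabled
        if multicast and unicast:
            findings.append("both triggers enabled")
        if not any(c.startswith("dot1x mandatory-domain ") for c in cmds):
            findings.append("no mandatory domain specified")
        report[name] = findings
    return report
```

Calling audit_dot1x(SAMPLE_CONFIG) flags only Ten-GigabitEthernet1/0/1, which has the unicast trigger added on top of the default multicast trigger and no mandatory domain.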
