R3303-HP HSR6800 Routers Security Command Reference
124
undo dot1x mandatory-domain
Default
No mandatory authentication domain is specified.
Views
Ethernet interface view
Default command level
2: System level
Parameters
domain-name: Specifies the ISP domain name, a case-insensitive string of 1 to 24 characters.
Usage guidelines
When authenticating an 802.1X user trying to access the port, the system selects an authentication
domain in the following order: the mandatory domain, the ISP domain specified in the username, and
the default ISP domain.
To display or cut all 802.1X connections in a mandatory domain, use the display connection domain
isp-name or cut connection domain isp-name command. The output from the display connection
command without any parameters displays domain names entered by users at login. For more
information about the display connection command or the cut connection command, see "AAA
configuration commands."
Examples
# Configure the mandatory authentication domain my-domain for 802.1X users on GigabitEthernet
3/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0/1
[Sysname-GigabitEthernet3/0/1] dot1x mandatory-domain my-domain
# After 802.1X user usera passes the authentication, execute the display connection command to display
the user connection information on GigabitEthernet 3/0/1. For more information about the display
connection command, see "AAA configuration commands."
[Sysname-GigabitEthernet3/0/1] display connection interface gigabitethernet 3/0/1
Index=68 ,Username=usera@my-domian
MAC=0015-e9a6-7cfe
IP=3.3.3.3
IPv6=N/A
Total 1 connection(s) matched.
Related commands
display dot1x
dot1x max-user
Use dot1x max-user to set the maximum number of concurrent 802.1X users on a port.
Use undo dot1x max-user to restore the default.