Manualshelf

R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
111112113114115116117118119120
97
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 2 Ethernet
interface view.
interface interface-type
interface-number
N/A
3. Configure an 802.1X critical
VLAN on the port.
dot1x critical vlan vlan-id
By default, no critical VLAN is
configured.
4. Configure the port to trigger
802.1X authentication on
detection of a reachable
authentication server for users
in the critical VLAN.
dot1x critical recovery-action
reinitialize
Optional.
By default, when a reachable
RADIUS server is detected, the
system removes the port or 802.1X
users from the critical VLAN
without triggering authentication.
Specifying supported domain name delimiters
By default, the access device supports the at sign (@) as the delimiter. You can also configure the access
device to accommodate 802.1X users that use other domain name delimiters.
The configurable delimiters include the at sign (@), back slash (\), and forward slash (/).
If an 802.1X username string contains multiple configured delimiters, the leftmost delimiter is the domain
name delimiter. For example, if you configure @, /, and \ as delimiters, the domain name delimiter for
the username string 123/22\@abc is the forward slash (/).
If a username string contains none of the delimiters, the access device authenticates the user in the
mandatory or default ISP domain. The access selects a domain delimiter from the delimiter set in this
order: @, /, and \.
To specify a set of domain name delimiters:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Specify a set of domain name
delimiters for 802.1X users.
dot1x domain-delimiter string
By default, only the at sign (@)
delimiter is supported.
NOTE:
If you configure the access device to include the domain name in the username sent to the RADIUS server,
make sure the domain delimiter in the username can be recognized by the RADIUS server. For username
format configuration, see the user-name-format command in
Security Command Reference
.
Displaying and maintaining 802.1X