R2511-HP MSR Router Series Security Command Reference(V5)
127
dot1x critical recovery-action
Use dot1x critical recovery-action to configure the action that a port takes when an active (reachable)
RADIUS authentication server is detected for users in the 802.1X critical VLAN.
Use undo dot1x critical recovery-action to restore the default.
Syntax
dot1x critical recovery-action reinitialize
undo dot1x critical recovery-action
Default
When a reachable RADIUS server is detected, the system removes the port or 802.1X users from the
critical VLAN without triggering authentication.
Views
Layer 2 Ethernet interface view
Default command level
2: System level
Parameters
reinitialize: Enables the port to trigger 802.1X re-authentication on detection of a reachable RADIUS
authentication server for users in the critical VLAN.
Usage guidelines
The dot1x critical recovery-action command takes effect only for the 802.1X users in the critical VLAN on
a port. It enables the port to take one of the following actions to trigger 802.1X authentication after
removing 802.1X users from the critical VLAN on detection of a reachable RADIUS authentication server:
• If MAC-based access control is used, the port sends a unicast Identity EAP/Request to each 802.1X
user.
• If port-based access control is used, the port sends a multicast Identity EAP/Request to all the
802.1X users attached to the port.
Examples
# Configure port Ethernet 1/1 to trigger 802.1X re-authentication on detection of an active RADIUS
authentication server for users in the critical VLAN.
<Sysname> system-view
[Sysname] interface ethernet 1/1
[Sysname-Ethernet1/1] dot1x critical recovery-action reinitialize
dot1x domain-delimiter
Use dot1x domain-delimiter to specify a set of domain name delimiters supported by the access device.
Any character in the configured set can be used as the domain name delimiter for 802.1X authentication
users.
Use undo dot1x domain-delimiter to restore the default.
Syntax
dot1x domain-delimiter string
undo dot1x domain-delimiter