Manualshelf

R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis
101102103104105106107108109110
91
Enable 802.1X multicast trigger on the port.
Configuration procedure
To configure an 802.1X critical VLAN:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter Ethernet interface view.
interface interface-type
interface-number
N/A
3. Configure the 802.1X critical
VLAN on the port.
dot1x critical vlan vlan-id
By default, no 802.1X critical
VLAN is configured.
Specifying supported domain name delimiters
By default, the access device supports the at sign (@) as the delimiter. You can also configure the access
device to accommodate 802.1X users who use other domain name delimiters.
The configurable delimiters include the at sign (@), backslash (\), and forward slash (/).
If an 802.1X username string contains multiple configured delimiters, the rightmost delimiter is the
domain name delimiter. For example, if you configure the backslash (\) and forward slash (/) as
delimiters, the domain name delimiter for the username string 123/22\@abc is the backslash (\).
If a username string contains none of the delimiters, the access device authenticates the user in the
mandatory or default ISP domain.
To specify a set of domain name delimiters:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Specify a set of domain name
delimiters for 802.1X users.
dot1x domain-delimiter string
By default, only the at sign (@)
delimiter is supported.
NOTE:
If you confi
g
ure the access device to include the domain name in the username sent to the RADIUS server,
make sure the domain delimiter in the username can be recognized by the RADIUS server. For username
format configuration, see the user-name-format command in
Security Command Reference
.
Configuring 802.1X SmartOn
The SmartOn feature is mutually exclusive with the 802.1X online user handshake function.
When the device sends a unicast EAP-Request/Notification packet to the client, it starts the SmartOn
client timeout timer (set by dot1x smarton timer supp-timeout).
If the device does not receive any EAP-Response/Notification packets from the client within the
timeout timer, it retransmits the EAP-Request/Notification packet to the client. After the device has