Enable the unicast trigger on a port if only a few 802.1X clients are attached to the port and these
•
clients cannot initiate authentication.
To avoid duplicate authentication packets, do not enable both triggers on a port.
•
Configuration procedure
Follow these steps to configure the authentication trigger function on a port:
To do...
Enter system view
Set the username request timeout
timer
Enter Ethernet interface view
Enable an authentication trigger
Specifying a mandatory authentication domain on a port
You can place all 802.1X users in a mandatory authentication domain for authentication, authorization,
and accounting on a port. No user can use an account in any other domain to access the network
through the port. The implementation of a mandatory authentication domain enhances the flexibility of
802.1X access control deployment.
Follow these steps to specify a mandatory authentication domain for a port:
To do...
Enter system view
Enter Ethernet interface view
Specify a mandatory 802.1X
authentication domain on the port
Configuring the quiet timer
The quiet timer enables the network access device to wait a period of time before it can process any
authentication request from a client that has failed an 802.1X authentication.
You can set the quiet timer to a high value in a vulnerable network or a low value for quicker
authentication response.
Follow these steps to configure the quiet timer:
To do...
Enter system view
Use the command...
system-view
dot1x timer tx-period
tx-period-value
interface interface-type
interface-number
dot1x { multicast-trigger |
unicast-trigger }
Use the command...
system-view
interface interface-type
interface-number
dot1x mandatory-domain
domain-name
Use the command...
system-view
94
Remarks
—
Optional
The default is 30 seconds.
—
Required if you want to enable the
unicast trigger.
Use either command.
By default, the multicast trigger is
enabled, and the unicast trigger is
disabled.
Remarks
—
—
Required
Not specified by default.
Remarks
—