HP 6125G HP 6125G & 6125G/XG Blade Switches Security Command Reference - Page 107
dot1x critical recovery-action, dot1x domain-delimiter
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 107 highlights
dot1x critical recovery-action Syntax dot1x critical recovery-action reinitialize View undo dot1x critical recovery-action Layer 2 Ethernet interface view Default level 2: System level Parameters reinitialize: Enables the port to trigger 802.1X re-authentication on detection of a reachable RADIUS authentication server for users in the critical VLAN. Description Use dot1x critical recovery-action to configure the action that a port takes when an active (reachable) RADIUS authentication server is detected for users in the critical VLAN. Use undo dot1x critical recovery-action to restore the default. By default, when a reachable RADIUS server is detected, the system removes the port or 802.1X users from the critical VLAN without triggering authentication. The dot1x critical recovery-action command takes effect only for the 802.1X users in the critical VLAN on a port. It enables the port to take one of the following actions to trigger 802.1X authentication after removing 802.1X users from the critical VLAN on detection of a reachable RADIUS authentication server: • If MAC-based access control is used, the port sends a unicast Identity EAP/Request to each 802.1X user. • If port-based access control is used, the port sends a multicast Identity EAP/Request to all the 802.1X users attached to the port. For prompt detection of active RADIUS authentication servers, use RADIUS server probing function (see "AAA configuration"). Examples # Configure port GigabitEthernet 1/0/1 to trigger 802.1X re-authentication on detection of an active RADIUS authentication server for users in the critical VLAN. system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dot1x critical recovery-action reinitialize dot1x domain-delimiter Syntax dot1x domain-delimiter string View undo dot1x domain-delimiter System view 98