HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 82
Configuration guidelines, Configuration procedure
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 82 highlights
Configuration guidelines Follow these guidelines when you configure the authentication trigger function: • Enable the multicast trigger on a port when the clients attached to the port cannot send EAPOL-Start packets to initiate 802.1X authentication. • Enable the unicast trigger on a port if only a few 802.1X clients are attached to the port and these clients cannot initiate authentication. • To avoid duplicate authentication packets, do not enable both triggers on a port. Configuration procedure To configure the authentication trigger function on a port: Step 1. Enter system view. 2. (Optional.) Set the username request timeout timer. 3. Enter Ethernet interface view. Command system-view dot1x timer tx-period tx-period-value interface interface-type interface-number 4. Enable an authentication trigger. dot1x { multicast-trigger | unicast-trigger } Remarks N/A The default is 30 seconds. N/A By default, the multicast trigger is enabled, and the unicast trigger is disabled. Specifying a mandatory authentication domain on a port You can place all 802.1X users in a mandatory authentication domain for authentication, authorization, and accounting on a port. No user can use an account in any other domain to access the network through the port. The implementation of a mandatory authentication domain enhances the flexibility of 802.1X access control deployment. To specify a mandatory authentication domain for a port: Step Command 1. Enter system view. system-view 2. Enter Ethernet interface view. interface interface-type interface-number 3. Specify a mandatory 802.1X authentication domain on the dot1x mandatory-domain port. domain-name Remarks N/A N/A By default, no mandatory 802.1X authentication domain is specified. 73