Specifying Supported Domain Name Delimiters; Configuring An 802.1X Voice Vlan - HP 3600 v2 Series Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (441 pages) ,
- Security configuration manual (398 pages)
Table of Contents
Advertisement
Step
4.
Configure the port to trigger
802.1X authentication on
detection of a reachable
authentication server for users
in the critical VLAN.
Specifying supported domain name delimiters
By default, the access device supports the at sign (@) as the delimiter. You can also configure the access
device to accommodate 802.1X users that use other domain name delimiters.
The configurable delimiters include the at sign (@), back slash (\), and forward slash (/).
If an 802.1X username string contains multiple configured delimiters, the leftmost delimiter is the domain
name delimiter. For example, if you configure @, /, and \ as delimiters, the domain name delimiter for
the username string 123/22\@abc is the forward slash (/).
If a username string contains none of the delimiters, the access device authenticates the user in the
mandatory or default ISP domain. The access selects a domain delimiter from the delimiter set in this
order: @, /, and \.
Follow the steps to specify a set of domain name delimiters:
Step
1.
Enter system view.
2.
Specify a set of domain name
delimiters for 802.1X users.
NOTE:
If you configure the access device to include the domain name in the username sent to the RADIUS server,
make sure the domain delimiter in the username can be recognized by the RADIUS server. For username
format configuration, see the user-name-format command in
Configuring an 802.1X voice VLAN
You can configure an 802.1X voice VLAN on an 802.1X-enabled port that connects to a voice terminal.
The 802.1X voice VLAN feature is effective only on voice terminals that support VLAN-tagged packets.
The 802.1X voice VLAN feature works with a remote authentication server. The device uses the following
process to implement this feature:
1.
Identifies a voice terminal from the packet sent by the authentication server when the terminal
passes 802.1X authentication.
The authentication server identifies the terminal type by its OUI and sends the terminal type
information to the device.
Command
dot1x critical recovery-action
reinitialize
Command
system-view
dot1x domain-delimiter string
93
Remarks
Optional.
By default, when a reachable
RADIUS server is detected, the
system removes the port or 802.1X
users from the critical VLAN
without triggering authentication.
Remarks
N/A
Optional.
By default, only the at sign (@)
delimiter is supported.
Security Command Reference
.
Advertisement
Table of Contents
Troubleshooting
