Configuration Prerequisites; Configuration Procedure; Specifying Supported Domain Name Delimiters - HP 5500 HI Series Configuration Manual


release their IP addresses or repair their network connections for a DHCP reassignment after
802.1X authentication is complete. The HP iNode client does not have this problem.

Configuration prerequisites

• Create the VLAN to be specified as a critical VLAN.
• If the 802.1X-enabled port performs port-based access control, enable 802.1X multicast trigger
  (dot1x multicast-trigger).
• If the 802.1X-enabled port performs MAC-based access control, configure the port as a hybrid port,
  enable MAC-based VLAN on the port, and assign the port to the Auth-Fail VLAN as an untagged
  member. For more information about the MAC-based VLAN function, see Layer 2 - LAN Switching
  Configuration Guide.

Configuration procedure

To configure an 802.1X critical VLAN:

| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
| 2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
| 3. Configure an 802.1X critical VLAN on the port. | dot1x critical vlan vlan-id | By default, no critical VLAN is configured. |
| 4. Configure the port to trigger 802.1X authentication on detection of a reachable authentication server for users in the critical VLAN. | dot1x critical recovery-action reinitialize | Optional. By default, when a reachable RADIUS server is detected, the system removes the port or 802.1X users from the critical VLAN without triggering authentication. |

Specifying supported domain name delimiters

By default, the access device supports the at sign (@) as the delimiter. You can also configure the access
device to accommodate 802.1X users that use other domain name delimiters.
The configurable delimiters include the at sign (@), backslash (\), and forward slash (/).
If an 802.1X username string contains multiple configured delimiters, the leftmost delimiter is the domain
name delimiter. For example, if you configure @, /, and \ as delimiters, the domain name delimiter for
the username string 123/22\@abc is the forward slash (/).
If a username string contains none of the delimiters, the access device authenticates the user in the
mandatory or default ISP domain. The access device selects a domain delimiter from the delimiter set in this
order: @, /, and \.

To specify a set of domain name delimiters:

| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
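The leftmost-delimiter rule described in this section can be modelled offline to check how existing usernames would be split before the delimiter set on the device is widened. The following is an added example, not HP code: the function names, report fields and sample usernames (other than 123/22\@abc) are assumptions, and it does not decide which side of the delimiter is the domain name.

```python
# Added example: models the delimiter rule described in this section.
# Not HP code; function names and report fields are hypothetical.

ALLOWED = {"@", "/", "\\"}  # delimiters the manual lists as configurable


def select_delimiter(username, configured=("@",)):
    """Return (delimiter, index) of the leftmost configured delimiter, or None."""
    bad = set(configured) - ALLOWED
    if bad:
        raise ValueError(f"not configurable as delimiters: {sorted(bad)}")
    for index, ch in enumerate(username):
        if ch in configured:
            return ch, index
    return None  # device falls back to the mandatory or default ISP domain


def audit(usernames, configured=("@",)):
    """Report how each username would be split and flag ambiguous ones."""
    report = []
    for name in usernames:
        selected = select_delimiter(name, configured)
        if selected is None:
            report.append({"username": name, "delimiter": None,
                           "parts": (name,), "ambiguous": False})
            continue
        delim, idx = selected
        present = {ch for ch in name if ch in configured}
        report.append({
            "username": name,
            "delimiter": delim,
            "parts": (name[:idx], name[idx + 1:]),
            # More than one configured delimiter, or the chosen one repeated.
            "ambiguous": len(present) > 1 or name.count(delim) > 1,
        })
    return report


# Constructed sample usernames; the first is the manual's own example.
SAMPLE = ["123/22\\@abc", "alice@corp", "CORP\\bob", "carol"]

if __name__ == "__main__":
    for row in audit(SAMPLE, configured=("@", "/", "\\")):
        print(row)
```

Running the audit once with the current delimiter set and once with the proposed set shows which usernames would be split at a different character after the change.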
