Configuration Procedure; Specifying A Mandatory Authentication Domain On A Port; Configuring The Quiet Timer - H3C S5120-HI Security Configuration Manual

Configuration procedure

To configure the authentication trigger function on a port:
Step
1. Enter system view.
2. Set the username request
timeout timer.
3. Enter Ethernet interface view.
4. Enable an authentication
trigger.
Specifying a mandatory authentication domain on
a port
You can place all 802.1X users in a mandatory authentication domain for authentication, authorization,
and accounting on a port. No user can use an account in any other domain to access the network
through the port. The implementation of a mandatory authentication domain enhances the flexibility of
802.1X access control deployment.
To specify a mandatory authentication domain for a port:
Step
1. Enter system view.
2. Enter Ethernet interface view.
3. Specify a mandatory 802.1X
authentication domain on the
port.

Configuring the quiet timer

The quiet timer enables the network access device to wait a period of time before it can process any
authentication request from a client that has failed an 802.1X authentication.
You can set the quiet timer to a high value in a vulnerable network or a low value for quicker
authentication response.
To configure the quiet timer:
Command
system-view
dot1x timer tx-period
tx-period-value
interface interface-type
interface-number
dot1x { multicast-trigger |
unicast-trigger }
Command
system-view
interface interface-type
interface-number
dot1x mandatory-domain
domain-name
88
Remarks
N/A
Optional.
The default is 30 seconds.
N/A
Required if you want to enable the
unicast trigger.
By default, the multicast trigger is
enabled, and the unicast trigger is
disabled.
Remarks
N/A
N/A
By default, no mandatory 802.1X
authentication domain is specified.