dot1x mandatory-domain

Syntax

dot1x mandatory-domain domain-name

undo dot1x mandatory-domain

View

Ethernet interface view

Default level

2: System level

Parameters

domain-name: Specifies the ISP domain name, a case-insensitive string of 1 to 24 characters.

Description

Use dot1x mandatory-domain to specify a mandatory 802.1X authentication domain on a port.

Use undo dot1x mandatory-domain to remove the mandatory authentication domain.

By default, no mandatory authentication domain is specified.

When authenticating an 802.1X user trying to access the port, the system selects an authentication domain in the following order: the mandatory domain, the ISP domain specified in the username, and the default ISP domain.

To display or cut all 802.1X connections in a mandatory domain, use the display connection domain isp-name or cut connection domain isp-name command. The output from the display connection command without any parameters displays domain names input by users at login. For more information about the display connection command or the cut connection command, see "AAA configuration commands."

Related commands: display dot1x.

Examples

# Configure the mandatory authentication domain my-domain for 802.1X users on Ethernet 1/0/1.

<Sysname> system-view
[Sysname] interface ethernet 1/0/1
[Sysname-Ethernet1/0/1] dot1x mandatory-domain my-domain

# After 802.1X user usera passes the authentication, execute the display connection command to display the user connection information on Ethernet 1/0/1. For more information about the display connection command, see "AAA configuration commands."

[Sysname-Ethernet1/0/1] display connection interface ethernet 1/0/1
Slot:  1
Index=68  ,Username=usera@my-domian
 IP=3.3.3.3
 IPv6=N/A
 MAC=0015-e9a6-7cfe

 Total 1 connection(s) matched on slot 1.
 Total 1 connection(s) matched.