Specifying supported domain name delimiters
By default, the access device supports the at sign (@) as the delimiter. You can also configure the access device to accommodate 802.1X users that use other domain name delimiters.
The configurable delimiters include the at sign (@), back slash (\), and forward slash (/).
If an 802.1X username string contains multiple configured delimiters, the leftmost delimiter is the domain name delimiter. For example, if you configure @, /, and \ as delimiters, the domain name delimiter for the username string 123/22\@abc is the forward slash (/).
If a username string contains none of the delimiters, the access device authenticates the user in the mandatory or default ISP domain. The access selects a domain delimiter from the delimiter set in this order: @, /, and \.
Follow the steps to specify a set of domain name delimiters:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Specify a set of domain name delimiters for 802.1X users. | dot1x domain-delimiter string | Optional. By default, only the at sign (@) delimiter is supported. |
![[NOTE: ]](images/note.png) | NOTE: If you configure the access device to include the domain name in the username sent to the RADIUS server, make sure the domain delimiter in the username can be recognized by the RADIUS server. For username format configuration, see the user-name-format command in Security Command Reference. | |