Enabling the quiet timer – H3C Technologies H3C S7500E Series Switches User Manual

5-21

When the unicast trigger function is enabled, it is recommended to disable the multicast trigger

function to avoid duplicate transmission.

Specifying a Mandatory Authentication Domain for a Port

The mandatory authentication domain function provides a security control mechanism for

802.1X access. With a mandatory authentication domain specified for a port, the system uses

the mandatory authentication domain for authentication, authorization, and accounting of all

802.1X users on the port. In this way, users accessing the port cannot use any account in other

domains.

Meanwhile, for EAP relay mode 802.1X authentication that uses certificates, the certificate of a

user determines the authentication domain of the user. However, you can specify different

mandatory authentication domains for different ports even if the user certificates are from the

same certificate authority (that is, the user domain names are the same). This allows you to

deploy 802.1X access policies flexibly.

Follow these steps to specify a mandatory authentication domain for a port:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet interface view

interface interface-type

interface-number

—

Specify a mandatory

authentication domain for the

port

dot1x mandatory-domain

domain-name

Required

Not specified by default

Enabling the Quiet Timer

After the quiet timer is enabled on the device, when a client fails 802.1X authentication, the

device refuses further authentication requests from the client in a period of time, which is

specified by the quiet timer (using the dot1x timer quiet-period command).

Follow these steps to enable the quiet timer:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable the quiet timer

dot1x quiet-period

Required

Disabled by default