Specifying supported domain name delimiters, Configuring the accounting delay feature – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

124

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter Layer 2 Ethernet or

WLAN-ESS interface view.

interface interface-type
interface-number

N/A

3.

Configure the Auth-Fail VLAN

on the port.

dot1x auth-fail vlan authfail-vlan-id

By default, no Auth-Fail VLAN is
configured.

Specifying supported domain name delimiters

By default, the access device supports the at sign (@) as the delimiter. You can also configure the access
device to accommodate 802.1X users that use other domain name delimiters.
The configurable delimiters include the at sign (@), back slash (\), and forward slash (/).
If an 802.1X username string contains multiple configured delimiters, the leftmost delimiter is the domain

name delimiter. For example, if you configure @, /, and \ as delimiters, the domain name delimiter for
the username string 123/22\@abc is the forward slash (/).
If a username string contains none of the delimiters, the access device authenticates the user in the

mandatory or default ISP domain. The access selects a domain delimiter from the delimiter set in this

order: @, /, and \.
To specify a set of domain name delimiters:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Specify a set of domain name
delimiters for 802.1X users.

dot1x domain-delimiter string

Optional.
By default, only the at sign (@)
delimiter is supported.

NOTE:

If you configure the access device to include the domain name in the username sent to the RADIUS server,
make sure the domain delimiter in the username can be recognized by the RADIUS server. For username
format configuration, see the user-name-format command in

Security Command Reference.

Configuring the accounting delay feature

By default, the accounting delay feature is disabled. The device sends an accounting request to the

accounting server for an 802.1X user immediately after the user passes authentication, regardless of

whether an IP address has been assigned to the user.
The accounting delay feature enables the device to wait a period of time for an authenticated 802.1X
user to obtain an IP address before sending an accounting request. If getting the IP address of the user

before the delay expires, the device sends an accounting request for the user. If not, the device proceeds

to the accounting procedure or ends the procedure depending on your configuration.
Enable the accounting delay feature if 802.1X users obtain IP addresses through DHCP and the
accounting server requires user IP addresses.
For a network that deploys iNode clients, follow these configuration guidelines: