dot1x force-domain

Function

The dot1x force-domain command configures a forcible authentication domain on an interface for 802.1X authentication.

The undo dot1x force-domain command deletes a forcible authentication domain.

By default, no forcible authentication domain is configured on an interface.

Format

dot1x force-domain domain-name

undo dot1x force-domain

Parameters

Parameter Description Value
domain-name

Specifies the name of a forcible authentication domain.

The value is a string of 1 to 64 case-insensitive characters without asterisks (*), question marks (?), or quotation marks ("").

Views

GE optical interface view, GE electrical interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
bas-eap write

Usage Guidelines

Usage Scenario

After a forcible authentication domain is configured, the system uses the authentication policy configured in this domain to authenticate users, and all 802.1X users accessing this interface must be authenticated in this domain. To configure a forcible authentication domain, run the dot1x force-domain command.

Prerequisites

802.1X authentication has been enabled on the interface using the dot1x enable command.

Precautions

In VS mode, this command is supported only by the admin VS.

Example

# Configure domain1 as the forcible 802.1X authentication domain on GE 0/1/1.
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] domain domain1
[~HUAWEI-aaa-domain-domain1] commit
[~HUAWEI-aaa-domain-domain1] quit
[~HUAWEI-aaa] quit
[~HUAWEI] interface GigabitEthernet 0/1/1
[*HUAWEI-GigabitEthernet0/1/1] commit
[*HUAWEI-GigabitEthernet0/1/1] dot1x enable
[*HUAWEI-GigabitEthernet0/1/1] dot1x force-domain domain1
Parent Topic: 802.1X Authentication Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >