Specifying supported domain name delimiters

By default, the access device supports the at sign (@) as the delimiter. You can also configure the access device to accommodate 802.1X users who use other domain name delimiters. The configurable delimiters include the at sign (@), backslash (\), dot (.), and forward slash (/). Usernames that include domain names can use the format of username@domain-name, domain-name\username, username.domain-name, or username/domain-name.

If an 802.1X username string contains multiple configured delimiters, the rightmost delimiter is the domain name delimiter. For example, if you configure the backslash (\), dot (.), and forward slash (/) as delimiters, the domain name delimiter for the username string 121.123/22\@abc is the backslash (\). The username is @abc and the domain name is 121.123/22.

If a username string contains none of the delimiters, the access device authenticates the user in the mandatory or default ISP domain.

To specify a set of domain name delimiters:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Specify a set of domain name delimiters for 802.1X users.

dot1x domain-delimiter string

By default, only the at sign (@) delimiter is supported.


[NOTE: ]

NOTE:

If you configure the access device to send usernames with domain names to the RADIUS server, make sure the domain delimiter can be recognized by the RADIUS server. For username format configuration, see the user-name-format command in Security Command Reference.