The authentication trigger-condition command configures the packet types that can trigger 802.1X authentication.
The undo authentication trigger-condition command restores the default configuration.
By default, DHCP/ARP packets can trigger 802.1X authentication.
authentication trigger-condition { dhcp | arp } *
undo authentication trigger-condition [ dhcp | arp ] *
| Parameter | Description | Value |
|---|---|---|
| dhcp | Triggers 802.1X authentication through DHCP packets. | - |
| arp | Triggers 802.1X authentication through ARP packets. | - |
Usage Scenario
After 802.1X authentication is enabled, the device can trigger 802.1X authentication on users by default when receiving DHCP or ARP packets. Based on user information on the actual network, the administrator can adjust the packet types that can trigger 802.1X authentication. For example, if all users on a network dynamically obtain IPv4 addresses, the device can be configured to trigger 802.1X authentication only through DHCP packets. This prevents the device from continuously sending ARP packets to trigger 802.1X authentication when static IPv4 addresses are configured for unauthorized users on the network, and reduces CPU usage on the device.
Precautions
This function takes effect only for users who go online after this function is successfully configured.
When MAC address authentication and 802.1X authentication are both enabled on an interface, packets that can trigger authentication include all the packet types that can trigger authentication in the MAC access profile and 802.1X access profile. For example, assume that ARP packets in the MAC access profile are unable to trigger authentication and ARP packets in the 802.1X access profile can trigger authentication. If MAC address authentication and 802.1X authentication are both enabled on an interface, ARP packets can trigger MAC address authentication.
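The following audit sketch is an added example, not vendor code: it replays the command forms documented on this page for the 802.1X access profile and flags interfaces where a packet type excluded in one profile still triggers authentication through the other. The interface names, the dictionary layout, and supplying the MAC access profile's trigger types as an explicit set (this page does not show that profile's syntax or default) are assumptions.

```python
import re

DOT1X_DEFAULT = frozenset({"dhcp", "arp"})  # default stated on this page
_CMD = re.compile(r"(undo\s+)?authentication\s+trigger-condition((?:\s+(?:dhcp|arp))*)")

def dot1x_triggers(profile_lines):
    """Replay a profile's trigger-condition commands in order; the last one wins."""
    triggers = set(DOT1X_DEFAULT)
    for line in profile_lines:
        m = _CMD.fullmatch(line.strip())
        if not m:
            continue  # some other command in the profile
        types = set(m.group(2).split())
        if m.group(1):  # the undo form restores the default configuration
            triggers = set(DOT1X_DEFAULT)
        elif types:
            triggers = types
        else:
            raise ValueError(f"no packet type given: {line!r}")
    return triggers

def audit(interfaces):
    """List (interface, packet_type, reason) for each packet type that one
    profile excludes but that still triggers authentication via the other."""
    findings = []
    for name, cfg in sorted(interfaces.items()):
        per_profile = {}
        if cfg.get("dot1x_lines") is not None:
            per_profile["802.1X"] = dot1x_triggers(cfg["dot1x_lines"])
        if cfg.get("mac_triggers") is not None:
            per_profile["MAC"] = set(cfg["mac_triggers"])
        effective = set().union(*per_profile.values())  # union rule from Precautions
        for profile, own in per_profile.items():
            for ptype in sorted(effective - own):
                source = next(p for p, s in per_profile.items() if ptype in s)
                findings.append((name, ptype, f"excluded by {profile}, allowed by {source}"))
    return findings

# Constructed sample data (hypothetical interface names and profile contents).
SAMPLE = {
    "GE0/0/1": {"dot1x_lines": ["authentication trigger-condition dhcp"],
                "mac_triggers": {"dhcp", "arp"}},
    "GE0/0/2": {"dot1x_lines": ["authentication trigger-condition dhcp"],
                "mac_triggers": None},  # MAC address authentication not enabled
    "GE0/0/3": {"dot1x_lines": ["authentication trigger-condition dhcp",
                                "undo authentication trigger-condition"],
                "mac_triggers": {"dhcp"}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

A finding on an interface means the restriction configured in one access profile is not what the interface actually enforces, so both profiles need to be aligned to limit triggering to the intended packet types.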