1-13authentication domain for authentication, authorization, and accounting of all 802.1X users on the port.In this way, users accessing the port cannot use any account in other domains.Meanwhile, for EAP relay mode 802.1X authentication that uses certificates, the certificate of a userdetermines the authentication domain of the user. However, you can specify different mandatoryauthentication domains for different ports even if the user certificates are from the same certificateauthority (that is, the user domain names are the same). This allows you to deploy 802.1X accesspolicies flexibly.802.1X Configuration Task ListComplete the following tasks to configure 802.1X:Task Remarks802.1X Basic Configuration RequiredEnabling the Online User Handshake Function OptionalEnabling the Proxy Detection Function OptionalEnabling the Multicast Trigger Function OptionalEnabling the Unicast Trigger Function OptionalSpecifying a Mandatory Authentication Domain for a Port OptionalEnabling the Quiet Timer Function OptionalEnabling the Re-Authentication Function OptionalConfiguring a Guest VLAN OptionalConfiguring an Auth-Fail VLAN Optional802.1X Basic ConfigurationConfiguration Prerequisites802.1X provides a method for implementing user identity authentication. However, 802.1X cannotimplement the authentication scheme solely by itself. RADIUS or local authentication must beconfigured to work with 802.1X.z Configure the ISP domain to which the 802.1X user belongs and the AAA scheme to be used (thatis, local authentication or RADIUS).z For remote RADIUS authentication, the username and password information must be configuredon the RADIUS server.z For local authentication, the username and password information must be configured on the deviceand the service type must be set to lan-access.For detailed configuration of the RADIUS client, refer to AAA Configuration in the Security Volume.Configuring 802.1X GloballyFollow these steps to configure 802.1X globally:To do… Use the command… RemarksEnter system view system-view —