270 CHAPTER 22: MAC AUTHENTICATION CONFIGURATION
■ The service type of a local user needs to be configured as lan-access.
Related Concepts
MAC Authentication
Timers
The following timers function in the process of MAC authentication:
■ Offline detect timer: At this interval, the switch checks to see whether an
online user has gone offline. Once detecting that a user becomes offline, the
switch sends a stop-accounting notice to the RADIUS server.
■ Quiet timer: Whenever a user fails MAC authentication, the switch does not
initiate any MAC authentication of the user during a period defined by this
timer.
■ Server timeout timer: During authentication of a user, if the switch receives no
response from the RADIUS server in this period, it assumes that its connection
to the RADIUS server has timed out and forbids the user from accessing the
network.
Quiet MAC Address When a user fails MAC authentication, the MAC address becomes a quiet MAC
address, which means that any packets from the MAC address will be discarded
simply by the switch until the quiet timer expires. This prevents an invalid user
from being authenticated repeatedly in a short time.
c
CAUTION: If the quiet MAC is the same as the static MAC configured or an
authentication-passed MAC, then the quiet function is not effective.
Configuring Basic
MAC Authentication
Functions
Tabl e 204 Configure basic MAC authentication functions
Operation Command Remarks
Enter system
view
system-view -
Enable MAC
authentication
globally
mac-authentication Required
Disabled by default
Enable MAC
authentication
for the specified
port(s) or the
current port
In system
view
mac-authentication interface
interface-list
Use either method
Disabled by default
In
interface
view
interface interface-type
interface-number
mac-authentication
quit
Set the user
name in MAC
address mode
for MAC
authentication
mac-authentication authmode
usernameasmacaddress [ usernameformat {
with-hyphen | without-hyphen } { lowercase |
uppercase } | fixedpassword password ]
Optional
By default, the MAC
address of a user is used
as the user name.
To Next Page
Loading...
