EasyManuals Logo
Home>HPE>Network Router>FlexNetwork MSR Series

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #128 background imageLoading...
Page #128 background image
115
MAC authentication timers
MAC authentication uses the following timers:
• Offline detect timer—Sets the interval that the device waits for traffic from a user before it
regards the user idle. If a user connection has been idle for two consecutive intervals, the
device logs the user out and stops accounting for the user.
• Quiet timer—Sets the interval that the device must wait before it can perform MAC
authentication for a user that has failed MAC authentication. All packets from the MAC address
are dropped during the quiet time. This quiet mechanism prevents repeated authentication from
affecting system performance.
• Server timeout timer—Sets the interval that the access device waits for a response from a
RADIUS server before it regards the RADIUS server unavailable. If the timer expires during
MAC authentication, the user cannot access the network.
Using MAC authentication with other features
The following matrix shows the feature and hardware compatibility:
Hardware
VLAN assignment
compatibility
ACL assignment
compatibility
MSR900 No No
MSR93X No No
MSR20-1X No No
MSR20 No No
MSR30 Yes
Supported only on
MSR30-11E and
MSR30-11F
MSR50 Yes No
MSR1000 No No
VLAN assignment
You can specify a VLAN in the user account for a MAC authentication user to control its access to
network resources. After the user passes MAC authentication, the authentication server, either the
local access device or a RADIUS server, assigns the VLAN to the port as the default VLAN. After the
user logs off, the initial default VLAN, or the default VLAN configured before any VLAN is assigned
by the authentication server, restores. If the authentication server assigns no VLAN, the initial default
VLAN applies.
A hybrid port is always assigned to a server-assigned VLAN as an untagged member. After the
assignment, do not re-configure the port as a tagged member in the VLAN.
ACL assignment
You can specify an ACL in the user account for a MAC authentication user to control its access to
network resources. After the user passes MAC authentication, the authentication server, either the
local access device or a RADIUS server, assigns the ACL to the access port to filter the traffic from
this user. You must configure the ACL on the access device for the ACL assignment function. You
can change ACL rules while the user is online.

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals