Configuration Guide 802.1x Configuration
If one MAC address has passed the MAB authentication for one port and it appears on other ports, the MAB
violation will be set for the latter port.
The MAB authentication is invalid for the static address and the filtering address. If the user configures the
MAB port and static address concurrently, when the port begins the MAB authentication and fails to pass the
authentication, the static address cannot communicate.
The MAB authentication offers the access-auth service for the device without the auth-client software. Those
devices generally cannot recognize the 802.1Q TAG labels. To this end, it is recommended that the
MAB-auth function shall be set on the ACCESS port. Otherwise, even though it passes the authentication,
the communication between the devices fails.
When the GSN address binding function is enabled on the port, the user authenticated in MAB mode cannot
access the network.
Configuring Dot1x MAC Authentication Bypass Timeout
After a MAC address authentication in the MAB mode is online, this MAC address will always be online unless the re-auth
fails, the port is Down or it is forcibly offline due to the administration policy.
The user can configure the allowed online time of those authentication MAC address. 0 is the default value, indicating that
the MAC address is always online.
To configure the MAB timeout, run the following commands:
Following example shows how to configure the MAB timeout time.
Ruijie# configure terminal
Ruijie(config)# interface fa 0/1
Ruijie(config-if)# dot1x mac-auth-bypass timeout-activity 3600
If the online time for the MAC address authentication is also assigned by the server, this online time is
independent from the timeout-activity.
To Next Page
Loading...
