Configuring mac authentication timers – H3C Technologies H3C S6300 Series Switches User Manual
Page 98
83
Step Command
Remarks
2.
Configure the MAC
authentication user
account format.
•
Use one MAC-based user account
for each user:
mac-authentication
user-name-format mac-address
[ { with-hyphen | without-hyphen }
[ lowercase | uppercase ] ]
•
Use one shared user account for all
users:
mac-authentication
user-name-format fixed [ account
name ] [ password { cipher |
simple } password ]
Use either method.
By default, the device uses the
MAC address of a user as the
username and password for
MAC authentication. The MAC
address is in lower case without
hyphens.
Configuring MAC authentication timers
MAC authentication uses the following timers:
•
Offline detect timer—Sets the interval that the device waits for traffic from a user before it regards
the user idle. If a user connection has been idle within the interval, the device logs the user out and
stops accounting for the user.
•
Quiet timer—Sets the interval that the device must wait before it can perform MAC authentication
for a user who has failed MAC authentication. All packets from the MAC address are dropped
during the quiet time. This quiet mechanism prevents repeated authentication from affecting system
performance.
•
Server timeout timer—Sets the interval that the device waits for a response from a RADIUS server
before it regards the RADIUS server unavailable. If the timer expires during MAC authentication,
the user cannot access the network.
To configure MAC authentication timers:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Configure MAC
authentication timers.
mac-authentication timer { offline-detect
offline-detect-value | quiet quiet-value |
server-timeout server-timeout-value }
By default, the offline detect
timer is 300 seconds, the quiet
timer is 60 seconds, and the
server timeout timer is 100
seconds.
Setting the maximum number of concurrent MAC
authentication users on a port
Perform this task to prevent the system resources from being overused.
To set the maximum number of concurrent MAC authentication users on a port: