beautypg.com

Configuring mac authentication timers – H3C Technologies H3C S6300 Series Switches User Manual

Page 98

background image

83

Step Command

Remarks

2.

Configure the MAC

authentication user
account format.

Use one MAC-based user account
for each user:

mac-authentication

user-name-format mac-address
[ { with-hyphen | without-hyphen }

[ lowercase | uppercase ] ]

Use one shared user account for all
users:

mac-authentication

user-name-format fixed [ account

name ] [ password { cipher |
simple } password ]

Use either method.
By default, the device uses the
MAC address of a user as the

username and password for
MAC authentication. The MAC

address is in lower case without

hyphens.

Configuring MAC authentication timers

MAC authentication uses the following timers:

Offline detect timer—Sets the interval that the device waits for traffic from a user before it regards
the user idle. If a user connection has been idle within the interval, the device logs the user out and
stops accounting for the user.

Quiet timer—Sets the interval that the device must wait before it can perform MAC authentication
for a user who has failed MAC authentication. All packets from the MAC address are dropped

during the quiet time. This quiet mechanism prevents repeated authentication from affecting system

performance.

Server timeout timer—Sets the interval that the device waits for a response from a RADIUS server
before it regards the RADIUS server unavailable. If the timer expires during MAC authentication,
the user cannot access the network.

To configure MAC authentication timers:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure MAC
authentication timers.

mac-authentication timer { offline-detect
offline-detect-value | quiet quiet-value |

server-timeout server-timeout-value }

By default, the offline detect
timer is 300 seconds, the quiet

timer is 60 seconds, and the

server timeout timer is 100

seconds.

Setting the maximum number of concurrent MAC

authentication users on a port

Perform this task to prevent the system resources from being overused.
To set the maximum number of concurrent MAC authentication users on a port: