H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – Centralized MAC Address Authentication

H3C S3100-52P Ethernet Switch

Chapter 1 Centralized MAC Address

Authentication Configuration

1-4

Operation

Command

Description

Set a user name for fixed

mode

mac-authentication

authusername
username

Required for fixed mode
By default, the user name

is mac and no password

is needed.

Set the password for fixed

mode

mac-authentication
authpassword password

Optional

1.2.4 Configuring the ISP Domain for MAC Address Authentication Users

Table 1-5 lists the operations to configure the ISP domain for centralized MAC address
authentication users.

Table 1-5

Configure the ISP domain for MAC address authentication users

Operation

Command

Description

Enter system view

system-view

—

Configure the ISP domain

for MAC address

authentication users

mac-authentication
domain isp-name

Required
By default, the “default

domain” is used as the

ISP domain.

1.2.5 Configuring the Timers Used in Centralized MAC Address
Authentication

The following timers are used in centralized MAC address authentication:

z

Offline detect timer, which sets the time interval for a switch to test whether a user
goes offline. Upon detecting a user is offline, a switch notifies the RADIUS server
of the user to trigger the RADIUS server to stop the accounting on the user.

z

Quiet timer, which sets the quiet period for a switch. After a user fails to pass the
authentication performed by a switch, the switch quiets for a specific period (the
quiet period) before it authenticates users again.

z

Server timeout timer. During authentication, the switch prohibits the user from
accessing the network through the corresponding port if the connection between
the switch and RADIUS server times out. In this case, the user can have it
authenticated through another port of the switch.

Table 1-6 lists the operations to configure the timers used in centralized MAC address
authentication.