beautypg.com

Related concepts, Mac address authentication timers, Quiet mac address – H3C Technologies H3C S3600 Series Switches User Manual

Page 567

background image

1-2

z

In MAC address mode, the local user name to be configured is the MAC address of an access user,

while the password may be the MAC address of the user or the fixed password configured (which is

used depends on your configuration). Hyphens must or must not be included depending on the

format configured with the mac-authentication authmode usernameasmacaddress

usernameformat command; otherwise, the authentication will fail.

z

In fixed mode, all users’ MAC addresses are automatically mapped to the configured local

passwords and usernames.

z

The service type of a local user needs to be configured as lan-access.

Related Concepts

MAC Address Authentication Timers

The following timers function in the process of MAC address authentication:

z

Offline detect timer: At this interval, the switch checks to see whether an online user has gone

offline. Once detecting that a user becomes offline, the switch sends a stop-accounting notice to

the RADIUS server.

z

Quiet timer: Whenever a user fails MAC address authentication, the switch does not initiate any

MAC address authentication of the user during a period defined by this timer.

z

Server timeout timer: During authentication of a user, if the switch receives no response from the

RADIUS server in this period, it assumes that its connection to the RADIUS server has timed out

and forbids the user from accessing the network.

Quiet MAC Address

When a user fails MAC address authentication, the MAC address becomes a quiet MAC address, which

means that any packets from the MAC address will be discarded simply by the switch until the quiet

timer expires. This prevents an invalid user from being authenticated repeatedly in a short time.

If the quiet MAC is the same as the static MAC configured or an authentication-passed MAC, then the

quiet function is not effective.

Configuring Basic MAC Address Authentication Functions

Follow these steps to configure basic MAC address authentication functions:

To do...

Use the command...

Remarks

Enter system view

system-view

Enable MAC address
authentication
globally

mac-authentication

Required

Disabled by default

Enable MAC address
authentication for the

In system view

mac-authentication interface
interface-list

Use either method

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: