Related concepts, Mac authentication timers, Quiet mac address – H3C Technologies H3C WX3000 Series Unified Switches User Manual

Page 285: Configuring basic mac authentication functions, 2 quiet mac address, Configuring basic mac authentication functions -2

Advertising
background image

29-2

z

If the username type is MAC address, a local user must be configured for each user on the device,
using the MAC address of the accessing user as the username. Hyphens must or must not be
included depending on the format configured with the mac-authentication authmode

usernameasmacaddress usernameformat

command; otherwise, the authentication will fail.

z

If the username type is fixed username, you need to configure the fixed username and password
on the device, which are used by the device to authenticate all users.

The service type of a local user needs to be configured as lan-access.

Related Concepts

MAC Authentication Timers

The following timers function in the process of MAC authentication:

z

Offline detect timer: At this interval, the device checks to see whether an online user has gone
offline. Once detecting that a user becomes offline, the device sends a stop-accounting notice to
the RADIUS server.

z

Quiet timer: Whenever a user fails MAC authentication, the device does not initiate any MAC
authentication of the user during a period defined by this timer.

z

Server timeout timer: During authentication of a user, if the device receives no response from the
RADIUS server in this period, it assumes that its connection to the RADIUS server has timed out
and forbids the user from accessing the network.

Quiet MAC Address

When a user fails MAC authentication, the MAC address becomes a quiet MAC address, which means
that any packets from the MAC address will be discarded simply by the device until the quiet timer
expires. This prevents an invalid user from being authenticated repeatedly in a short time.

If the quiet MAC is the same as the static MAC configured or an authentication-passed MAC, then the
quiet function is not effective.

Configuring Basic MAC Authentication Functions

Follow these steps to configure basic MAC authentication functions:

To do…

Use the command…

Remarks

Enter system view

system-view

Enable MAC
authentication
globally

mac-authentication

Required
Disabled by default

Advertising