3com 5500-ei pwr Installation Instruction

 

1-2 

format configured with the mac-authentication authmode usernameasmacaddress 

usernameformat command; otherwise, the authentication will fail. 

z 

In fixed mode, all users’ MAC addresses are automatically mapped to the configured local 

passwords and usernames. 

z 

The service type of a local user needs to be configured as lan-access. 

The following timers function in the process of MAC address authentication: 

z 

Offline detect timer: At this interval, the switch checks to see whether an online user has gone 

offline. Once detecting that a user becomes offline, the switch sends a stop-accounting notice to 

the RADIUS server.  

z 

Quiet timer: Whenever a user fails MAC address authentication, the switch does not initiate any 

MAC address authentication of the user during a period defined by this timer.  

z 

Server timeout timer: During authentication of a user, if the switch receives no response from the 

RADIUS server in this period, it assumes that its connection to the RADIUS server has timed out 

and forbids the user from accessing the network.  

When a user fails MAC address authentication, the MAC address becomes a quiet MAC address, which 

means that any packets from the MAC address will be discarded simply by the switch until the quiet 

timer expires. This prevents an invalid user from being authenticated repeatedly in a short time. 

 

If the quiet MAC is the same as the static MAC configured or an authentication-passed MAC, then the 

quiet function is not effective. 

 

Follow these steps to configure basic MAC address authentication functions: 

Enter system view 

— 

Enable MAC address 
authentication 
globally 

Required 

Disabled by default 

In system view

mac-authentication interface 
interface-list 

interface interface-type 
interface-number 

Enable MAC address 
authentication for the 
specified port(s) or 
the current port 

In interface 
view 

Use either method 

Disabled by default