3com 4210 PWR 9-Port 3CR17341-91-ME User Manual
Product codes
3CR17341-91-ME
270
C
HAPTER
22: MAC A
UTHENTICATION
C
ONFIGURATION
■
The service type of a local user needs to be configured as lan-access.
Related Concepts
MAC Authentication
Timers
The following timers function in the process of MAC authentication:
■
Offline detect timer: At this interval, the switch checks to see whether an
online user has gone offline. Once detecting that a user becomes offline, the
switch sends a stop-accounting notice to the RADIUS server.
online user has gone offline. Once detecting that a user becomes offline, the
switch sends a stop-accounting notice to the RADIUS server.
■
Quiet timer: Whenever a user fails MAC authentication, the switch does not
initiate any MAC authentication of the user during a period defined by this
timer.
initiate any MAC authentication of the user during a period defined by this
timer.
■
Server timeout timer: During authentication of a user, if the switch receives no
response from the RADIUS server in this period, it assumes that its connection
to the RADIUS server has timed out and forbids the user from accessing the
network.
response from the RADIUS server in this period, it assumes that its connection
to the RADIUS server has timed out and forbids the user from accessing the
network.
Quiet MAC Address
When a user fails MAC authentication, the MAC address becomes a quiet MAC
address, which means that any packets from the MAC address will be discarded
simply by the switch until the quiet timer expires. This prevents an invalid user
from being authenticated repeatedly in a short time.
address, which means that any packets from the MAC address will be discarded
simply by the switch until the quiet timer expires. This prevents an invalid user
from being authenticated repeatedly in a short time.
c
CAUTION: If the quiet MAC is the same as the static MAC configured or an
authentication-passed MAC, then the quiet function is not effective.
authentication-passed MAC, then the quiet function is not effective.
Configuring Basic
MAC Authentication
Functions
MAC Authentication
Functions
Table 204 Configure basic MAC authentication functions
Operation
Command
Remarks
Enter system
view
view
system-view
-
Enable MAC
authentication
globally
authentication
globally
mac-authentication
Required
Disabled by default
Enable MAC
authentication
for the specified
port(s) or the
current port
authentication
for the specified
port(s) or the
current port
In system
view
view
mac-authentication interface
interface-list
interface-list
Use either method
Disabled by default
In
interface
view
interface
view
interface interface-type
interface-number
interface-number
mac-authentication
quit
Set the user
name in MAC
address mode
for MAC
authentication
name in MAC
address mode
for MAC
authentication
mac-authentication authmode
usernameasmacaddress [ usernameformat {
with-hyphen | without-hyphen } { lowercase |
uppercase } | fixedpassword password ]
usernameasmacaddress [ usernameformat {
with-hyphen | without-hyphen } { lowercase |
uppercase } | fixedpassword password ]
Optional
By default, the MAC
address of a user is used
as the user name.
address of a user is used
as the user name.