3com 5500-SI Manual De Usuario
196
C
HAPTER
14: C
ENTRALIZED
MAC A
DDRESS
A
UTHENTICATION
C
ONFIGURATION
Centralized MAC
Address
Authentication
Configuration
Address
Authentication
Configuration
The following sections describe centralized MAC address authentication
configuration tasks:
configuration tasks:
■
■
■
■
■
For a port, the centralized MAC address authentication configuration and the
maximum number of learned MAC addresses configuration are mutually exclusive.
That is, if you enable the centralized MAC address authentication function for a port,
the maximum number of learned MAC addresses configuration (see the
mac-address max-mac-count command) is unavailable. And if you set the
maximum number of learned MAC addresses, the centralized MAC address
authentication configuration is unavailable.
maximum number of learned MAC addresses configuration are mutually exclusive.
That is, if you enable the centralized MAC address authentication function for a port,
the maximum number of learned MAC addresses configuration (see the
mac-address max-mac-count command) is unavailable. And if you set the
maximum number of learned MAC addresses, the centralized MAC address
authentication configuration is unavailable.
Enabling
Global/Port-based
Centralized MAC
Address Authentication
Table 175 lists the operations to enable centralized MAC address authentication on
specified ports.
specified ports.
Port-based centralized MAC address authentication configurations take effect only
when global centralized MAC address authentication is also enabled.
when global centralized MAC address authentication is also enabled.
Configuring an ISP
Domain for MAC
Address Authentication
Users
Table 176 lists the operations to configure an ISP domain for centralized MAC address
authentication users.
authentication users.
Setting Centralized MAC
Address Authentication
Timers
Following timers are used in centralized MAC address authentication.
■
Offline-detect timer. This timer sets the interval for a switch to test whether or not
a user goes offline. Upon determining a user is offline, a switch notifies the
RADIUS server of the state of the user, and the RADIUS server in turn stops
perform accounting operation on the user.
a user goes offline. Upon determining a user is offline, a switch notifies the
RADIUS server of the state of the user, and the RADIUS server in turn stops
perform accounting operation on the user.
■
Quiet timer. If a user fails to pass the authentication performed by a switch, the
switch stops authenticating users for a specified period before it authenticates
users again. You can use the quiet timer to set the period.
switch stops authenticating users for a specified period before it authenticates
users again. You can use the quiet timer to set the period.
Table 175 Enable/disable centralized MAC address authentication
Operation
Command
Description
Enter system view
system-view
—
Enable centralized
MAC address
authentication
MAC address
authentication
mac-authentication interface
interface-list
interface-list
Required
By default, global and port-based
centralized MAC address
authentications are disabled.
By default, global and port-based
centralized MAC address
authentications are disabled.
Table 176 Configure an ISP domain for MAC address authentication users
Operation
Command
Description
Enter system view
system-view
—
Configure an ISP domain
for MAC address
authentication users
for MAC address
authentication users
mac-authentication domain
isp-name
isp-name
Required
By default, the ISP domain is not
configured for MAC address
authentication users.
By default, the ISP domain is not
configured for MAC address
authentication users.