3com 5500-SI Manual Do Utilizador
Centralized MAC Address Authentication Configuration 197
■
Server-timeout timer. If the connection between a switch and a RADIUS server
times out when the switch authenticates a user on one of its ports, the switch
turns down the user. You can use the server-timeout timer to set the time out
time.
times out when the switch authenticates a user on one of its ports, the switch
turns down the user. You can use the server-timeout timer to set the time out
time.
■
Table 177 lists the operations to set centralized MAC address authentication
timers.
timers.
Displaying and
Debugging Centralized
MAC Address
Authentication
You can display and verify centralized MAC address authentication-related
configuration by executing the display command in any view.
configuration by executing the display command in any view.
Centralized MAC
Address Authentication
Configuration Example
The configuration of centralized MAC address authentication is the same as that of
802.1x in this example except that:
802.1x in this example except that:
■
Centralized MAC address authentication is enabled both globally and for the
ports.
ports.
■
For MAC address mode, the user name and password of a user to be
authenticated locally need to be configured as the MAC address of the user.
authenticated locally need to be configured as the MAC address of the user.
■
For MAC address mode, the user name and password of a user to be
authenticated by a RADIUS server need to be configured as the MAC address of
the user on the RADIUS server.
authenticated by a RADIUS server need to be configured as the MAC address of
the user on the RADIUS server.
The following example describes how to enable port-based and global centralized
MAC address authentication, and local user configuration.
MAC address authentication, and local user configuration.
1 Enable centralized MAC address authentication on GigabitEthernet1/0/2 port.
<S5500> system-view
[S5500] mac-authentication interface GigabitEthernet 1/0/2
2 Configure centralized MAC address authentication mode to be MAC address mode.
[S5500] mac-authentication authmode usernameasmacaddress
3 Add a local access user.
a Configure the user name and password for the local user.
[S5500] local-user 00-e0-fc-01-01-01
[S5500-luser-00-e0-fc-01-01-01] password simple 00-e0-fc-01-01-01
b Set service type to LAN-access for the local user.
[S5500-luser-00-e0-fc-01-01-01] service-type lan-access
Table 177 Set a centralized MAC address authentication timer
Operation
Command
Description
Enter system view
system-view
Set a centralized MAC
address authentication
timer
address authentication
timer
mac-authentication timer {
offline-detect
offline-detect-value | quiet
quiet-value | server-timeout
server-timeout-value }
offline-detect
offline-detect-value | quiet
quiet-value | server-timeout
server-timeout-value }
Optional
By default, the three MAC address
authentication timers are set as
follows:
By default, the three MAC address
authentication timers are set as
follows:
Offline-detect timer: 300 seconds
Quiet timer: 1 minute
Server-timeout timer: 100 seconds
Table 178 Display and debug centralized MAC address authentication
Operation
Command
Description
Display global information
about centralized MAC address
authentication
about centralized MAC address
authentication
display
mac-authentication [
interface interface-list ]
mac-authentication [
interface interface-list ]
Optional
You can execute the display
command in any view.
You can execute the display
command in any view.