included depending on the format configured with the mac-authentication authmode usernameasmacaddress usernameformat command; otherwise, the authentication will fail.

zIf the username type is fixed username, you need to configure the fixed username and password on the device, which are used by the device to authenticate all users.

The service type of a local user needs to be configured as lan-access.

Related Concepts

MAC Authentication Timers

The following timers function in the process of MAC authentication:

z

z

z

Offline detect timer: At this interval, the device checks to see whether an online user has gone offline. Once detecting that a user becomes offline, the device sends a stop-accounting notice to the RADIUS server.

Quiet timer: Whenever a user fails MAC authentication, the device does not initiate any MAC authentication of the user during a period defined by this timer.

Server timeout timer: During authentication of a user, if the device receives no response from the RADIUS server in this period, it assumes that its connection to the RADIUS server has timed out and forbids the user from accessing the network.

Quiet MAC Address

When a user fails MAC authentication, the MAC address becomes a quiet MAC address, which means that any packets from the MAC address will be discarded simply by the device until the quiet timer expires. This prevents an invalid user from being authenticated repeatedly in a short time.

If the quiet MAC is the same as the static MAC configured or an authentication-passed MAC, then the quiet function is not effective.

Configuring Basic MAC Authentication Functions

Follow these steps to configure basic MAC authentication functions:

 

To do…

 

Use the command…

 

Remarks

 

Enter system view

 

system-view

 

 

 

 

 

 

 

 

Enable MAC

 

 

 

Required

 

authentication

 

mac-authentication

 

 

 

 

Disabled by default

 

globally

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1-2

Page 295
Image 295
3Com WX3000 Related Concepts, Configuring Basic MAC Authentication Functions, MAC Authentication Timers, Quiet MAC Address