Accton Technology ES3526XA, ES3552XA 3-75, Configuring the MAC Authentication Reauthentication Time

User Authentication

3-75

address is forwarded by the switch only if the source MAC address is successfully

authenticated by a central RADIUS server. While authentication for a MAC address

is in progress, all traffic is blocked until authentication is compl eted. On successful

authentication, the RADIUS server may optionally assign VLAN settings for the

switch port

When enabled on a port interface, the authentication process sends a Password

Authentication Protocol (PAP) request to a configured RADIUS server. The

username and password are both equal to the MAC addre ss being authenticated.

On the RADIUS server, PAP username and passwords must be configured in the

MAC address format XX-XX-XX-XX-XX-XX (all in upper case).

Authenticated MAC addresses are stored as dynamic entries in the switch secure

MAC address table and are removed when the aging time expires. The maximum

number of secure MAC addresses supported for the switch system is 1024.

Note: MAC authentication cannot be configured on trunk ports.

The RADIUS server may optionally return a VLAN identifier list to be applied to the

switch port. The following attributes need to be configured on the RADIUS server.

•Tunnel-Type = VLAN

•Tunnel-Medium-Type = 802

•Tunnel-Private-Group-ID = 1u,2t [VLAN ID list]

The VLAN identifier list is carried in the RADIUS “Tunnel-Private-Group-ID” attribute.

The VLAN list can contain multiple VLAN identifiers in the format “1u,2t,3u” where

“u” indicates an untagged VLAN and “t” a tagged VLAN.

Configuring the MAC Authentication Reauthentication Time

MAC address authentication is configured on a per-port basis, however there are

two configurable parameters that apply globally to all ports on the switch.

Command Attributes

•Authenticated Age – The secure MAC address table aging time. This parameter

setting is the same as switch MAC address table aging time and is only

configurable from the Address Table, Aging Time web page (see page 3-117).

(Default:300 seconds)

•MAC Authentication Reauthentication Time – Sets the time period after which

a connected MAC address must be re-authenticated. When the reauthentication

time expires for a secure MAC address, it is reauthenticated with the RADIUS

server. During the reauthentication process traffic through the port remains

unaffected. (Default: 1800 seconds; Range: 120-1000000 seconds)