Related Concepts; Mac Address Authentication Timers; Quiet Mac Address - H3C S5600 SERIES Operation Manual
Hide thumbs
Also See for S5600 SERIES:
- Operation manual (1278 pages) ,
- Configuration (313 pages) ,
- Operation manual (24 pages)
Table of Contents
Advertisement
In MAC address mode, the switch sends the MAC addresses detected to the RADIUS server as
both the user names and passwords, or sends the MAC addresses detected to the RADIUS server
as the user names and uses the configured fixed password as the password.
In fixed mode, the switch sends the user name and password previously configured for the user to
the RADIUS server for authentication.
A user can access a network upon passing the authentication performed by the RADIUS server.
Performing MAC Address Authentication Locally
When authentications are performed locally, users are authenticated by switches. In this case,
In MAC address mode, the local user name to be configured is the MAC address of an access user,
while the password may be the MAC address of the user or the fixed password configured (which is
used depends on your configuration). Hyphens must or must not be included depending on the
format
configured
usernameformat command; otherwise, the authentication will fail.
In fixed mode, all users' MAC addresses are automatically mapped to the configured local
passwords and usernames.
The service type of a local user needs to be configured as lan-access.
Related Concepts
MAC Address Authentication Timers
The following timers function in the process of MAC address authentication:
Offline detect timer: At this interval, the switch checks to see whether an online user has gone
offline. Once detecting that a user becomes offline, the switch sends a stop-accounting notice to
the RADIUS server.
Quiet timer: Whenever a user fails MAC address authentication, the switch does not initiate any
MAC address authentication of the user during a period defined by this timer.
Server timeout timer: During authentication of a user, if the switch receives no response from the
RADIUS server in this period, it assumes that its connection to the RADIUS server has timed out
and forbids the user from accessing the network.
Quiet MAC Address
When a user fails MAC address authentication, the MAC address becomes a quiet MAC address, which
means that any packets from the MAC address will be discarded simply by the switch until the quiet
timer expires. This prevents an invalid user from being authenticated repeatedly in a short time.
If the quiet MAC is the same as the static MAC configured or an authentication-passed MAC, then the
quiet function is not effective.
with
the
mac-authentication
1-2
authmode
usernameasmacaddress
Advertisement
Chapters
Table of Contents
Troubleshooting
