Usage guidelines
The keep-online feature keeps authenticated MAC authentication users online when no server is
reachable for MAC reauthentication.
This command takes effect only after the server assigns the Radius-request action attribute to the
authenticated MAC authentication user (see
device will reauthenticate the user when the session timeout timer expires.
Examples
# Enable the keep-online feature for authenticated MAC authentication users on GigabitEthernet
1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] mac-authentication re-authenticate server-unreachable
keep-online
Related commands
display mac-authentication
mac-authentication timer
Use mac-authentication timer to set the MAC authentication timers.
Use undo mac-authentication timer to restore the defaults.
Syntax
mac-authentication timer { offline-detect offline-detect-value | quiet quiet-value | server-timeout
server-timeout-value }
undo mac-authentication timer { offline-detect | quiet | server-timeout }
Default
The offline detect timer is 300 seconds, the quiet timer is 60 seconds, and the server timeout timer is
100 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
offline-detect offline-detect-value: Specifies the offline detect timer in the range of 60 to 65535, in
seconds.
quiet quiet-value: Specifies the quiet timer in the range of 1 to 3600, in seconds.
server-timeout server-timeout-value: Specifies the server timeout timer in the range of 100 to 300,
in seconds.
Usage guidelines
MAC authentication uses the following timers:
•
Offline detect timer—Sets the interval that the device waits for traffic from a user before the
device regards the user idle. If a user connection has been idle within the interval, the device
logs the user out and stops accounting for the user.
•
Quiet timer—Sets the interval that the device must wait before the device can perform MAC
authentication for a user who has failed MAC authentication. All packets from the MAC address
"display mac-authentication
200
connection"). The access