Mac Authentication Timers; Using Mac Authentication With Other Features; Vlan Assignment; Acl Assignment - HP A5830 Series Configuration Manual

MAC authentication timers

MAC authentication uses the following timers:
Offline detect timer—Sets the interval that the device waits for traffic from a user before it regards
•
the user idle. If a user connection has been idle for two consecutive intervals, the device logs the
user out and stops accounting for the user.
Quiet timer—Sets the interval that the device must wait before it can perform MAC authentication
•
for a user who has failed MAC authentication. All packets from the MAC address are dropped
during the quiet time. This quiet mechanism prevents repeated authentication from affecting system
performance.
Server timeout timer—Sets the interval that the access device waits for a response from a RADIUS
•
server before it regards the RADIUS server unavailable. If the timer expires during MAC
authentication, the user cannot access the network.

Using MAC authentication with other features

VLAN assignment

Specify a VLAN in the user account for a MAC authentication user to control the account's access to
network resources.
After the user passes MAC authentication, the authentication server (either the local access device or a
RADIUS server) assigns the port's default VLAN.
A hybrid port is always assigned to a server-assigned VLAN as an untagged member. After
•
assignment, do not re-configure the port as the VLAN's tagged member.
If MAC-based VLAN is enabled on a hybrid port, the device maps the server-assigned VLAN to the
•
user's MAC address. The hybrid port's default VLAN does not change.
After the user logs off, the initial default VLAN or the configured default VLAN is restored. If the
•
authentication server does not assign a VLAN, the initial default VLAN applies.

ACL assignment

You can specify an ACL in the user account for a MAC authentication user to control its access to
network resources. After the user passes MAC authentication, the authentication server, either the local
access device or a RADIUS server, assigns the ACL to the access port to filter the traffic from this user.
You must configure the ACL on the access device for the ACL assignment function. You can change ACL
rules while the user is online.

Guest VLAN

You can configure a guest VLAN to accommodate MAC authentication users who have failed MAC
authentication on the port. Users in the MAC authentication guest VLAN can access a limited set of
network resources, such as a software server, to download anti-virus software and system patches. If no
MAC authentication guest VLAN is configured, the user who fails MAC authentication cannot access any
network resources.
97