Local Mac Authentication; Related Concepts; Mac Authentication Timers; Quiet Mac Address - 3Com MSR 50 Series Configuration Manual

1804 C 95: MAC A
HAPTER
Local MAC
Authentication

Related Concepts

MAC Authentication
Timers

Quiet MAC Address

Configuring MAC
Authentication
Configuration
Prerequisites
C
UTHENTICATION ONFIGURATION
If the type of username is fixed username, the device sends the same username
■
and password configured locally to the RADIUS server for authentication of
each user.
If the authentication succeeds, the user will be granted permission to access the
network resources.
In local MAC authentication, the device performs authentication of users locally
and different items need to be manually configured for users on the device
according to the specified type of username:
If the type of username is MAC address, a local user must be configured for
■
each user on the device, using the MAC address of the user as both the
username and password.
If the type of username is fixed username, a single username and optionally a
■
single password are required for the device to authenticate all users.
The following timers function in the process of MAC authentication:
Offline detect timer: At this interval, the device checks to see whether an online
■
user has gone offline. Once detecting that a user becomes offline, the device
sends to the RADIUS server a stop accounting notice.
Quiet timer: Whenever a user fails MAC authentication, the device does not
■
initiate any MAC authentication of the user during such a period.
Server timeout timer: During authentication of a user, if the device receives no
■
response from the RADIUS server in this period, it assumes that its connection
to the RADIUS server has timed out and forbids the user from accessing the
network.
When a user fails MAC authentication, the MAC address becomes a quiet MAC
address, which means that any packets from the MAC address will be discarded
simply by the device until the quiet timer expires. This prevents the device from
authenticating an invalid user repeatedly in a short time.
c
CAUTION: If the quiet MAC is the same as the static MAC configured or an
authentication-passed MAC, then the quiet function is not effective.
Create and configure an ISP domain.
■
For local authentication, create the local users and configure the passwords.
■
For RADIUS authentication, ensure that a route is available between the device
■
and the RADIUS server.
c
CAUTION: For local authentication