Filter
Top Products
1-2
included depending on the format configured with the mac-authentication authmode
usernameasmacaddress usernameformat command; otherwise, the authentication will fail.
z If the username type is fixed username, you need to configure the fixed username and password
on the device, which are used by the device to authenticate all users.
The service type of a local user needs to be configured as lan-access.
Related Concepts
MAC Authentication Timers
The following timers function in the process of MAC authentication:
z Offline detect timer: At this interval, the device checks to see whether an online user has gone
offline. Once detecting that a user becomes offline, the device sends a stop-accounting notice to
the RADIUS server.
z Quiet timer: Whenever a user fails MAC authentication, the device does not initiate any MAC
authentication of the user during a period defined by this timer.
z Server timeout timer: During authentication of a user, if the device receives no response from the
RADIUS server in this period, it assumes that its connection to the RADIUS server has timed out
and forbids the user from accessing the network.
Quiet MAC Address
When a user fails MAC authentication, the MAC address becomes a quiet MAC address, which means
that any packets from the MAC address will be discarded simply by the device until the quiet timer
expires. This prevents an invalid user from being authenticated repeatedly in a short time.
If the quiet MAC is the same as the static MAC configured or an authentication-passed MAC, then the
quiet function is not effective.
Configuring Basic MAC Authentication Functions
Follow these steps to configure basic MAC authentication functions:
To do… Use the command… Remarks
Enter system view
system-view
—
Enable MAC
authentication
globally
mac-authentication
Required
Disabled by default