HP MSR2000/3000/4000 Router Series Security Command Reference
104
Usage guidelines
MAC authentication uses the following timers:
• Offline detect timer—Sets the interval that the device waits for traffic from a user before it regards
the user idle. If a user connection has been idle within the interval, the device logs the user out and
stops accounting for the user.
• Quiet timer—Sets the interval that the device must wait before it can perform MAC authentication
for a user who has failed MAC authentication. All packets from the MAC address are dropped
during the quiet time. This quiet mechanism prevents repeated authentication from affecting system
performance.
• Server timeout timer—Sets the interval that the device waits for a response from a RADIUS server
before it regards the RADIUS server unavailable. If the timer expires during MAC authentication,
the user cannot access the network.
Examples
# Set the server timeout timer to 150 seconds.
<Sysname> system-view
[Sysname] mac-authentication timer server-timeout 150
Related commands
display mac-authentication
mac-authentication timer auth-delay
Use mac-authentication timer auth-delay to enable MAC authentication delay and set the delay time.
Use undo mac-authentication timer auth-delay to restore the default.
Syntax
mac-authentication timer auth-delay time
undo mac-authentication timer auth-delay
Default
MAC authentication delay is disabled.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
time: Specifies the delay time for MAC authentication in seconds. The value range is 1 to 180.
Usage guidelines
When both 802.1X authentication and MAC authentication are enabled on a port, you can delay MAC
authentication so that 802.1X authentication is preferentially triggered. If no 802.1X authentication is
triggered or if 802.1X authentication fails within the delay period, the port continues to process MAC
authentication.