R0106-HP MSR Router Series Security Configuration Guide(V7)
104
To configure MAC authentication delay:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Enable MAC authentication
delay and set the delay timer.
mac-authentication timer
auth-delay time
By default, MAC authentication
delay is disabled.
Enabling MAC authentication multi-VLAN mode
The MAC authentication multi-VLAN mode enables a port to forward packets for an authenticated user
in multiple VLANs without reauthentication. When the port receives a packet sourced from the
authenticated MAC address in a different VLAN, the device neither reauthenticates the user nor updates
the original MAC-VLAN mapping. A new MAC-VLAN mapping is created for the MAC address.
This feature improves transmission of data that is vulnerable to delay and interference. The feature is
applicable to scenarios where a user will send various types of traffic in multiple VLANs.
When the MAC authentication multi-VLAN mode is enabled, do not specify authorization VLANs for
MAC authentication users on the port.
To enable MAC authentication multi-VLAN mode:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 2 Ethernet interface
view.
interface interface-type
interface-number
N/A
3. Enable MAC authentication
multi-VLAN mode.
mac-authentication host-mode
multi-vlan
By default, this feature is disabled
on a port. The port forwards
packets for an authenticated user
only in the VLAN where the user is
authenticated.
Configuring the keep-online feature
By default, the device logs off online MAC authentication users if no server is reachable for MAC
reauthentication. The keep-online feature keeps authenticated MAC authentication users online when no
server is reachable for MAC reauthentication.
In a fast-recovery network, you can use the keep-online feature to prevent MAC authentication users from
coming online and going offline frequently.
To configure the keep-online feature:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter Ethernet interface view.
interface interface-type
interface-number
N/A