3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module

971

972

973

974

975

976

977

978

979

980

982 CHAPTER 75: MAC AUTHENTICATION CONFIGURATION

to the RADIUS server has timed out and forbids the user from accessing the

network.

Quiet MAC Address When a user fails MAC authentication, the MAC address becomes a quiet MAC

address, which means that any packets from the MAC address will be discarded

simply by the device until the quiet timer expires. This prevents an invalid user from

being authenticated repeatedly in a short time.

Configuring MAC

Authentication

Configuration

Prerequisites

■ Create and configure an ISP domain.

■ For local authentication, create the local users and configure the passwords.

■ For RADIUS authentication, ensure that a route is available between the device

and the RADIUS server.

CAUTION: For local authentication:

■ The user name and password of a local user must be the MAC address of the

user.

■ The MAC address to be used as the user name and password of a local user

must be in the HHH format and contain only lower-case letters and no "-".

■ The service type of the local user must be configured as lan-access.

Configuration Procedure Follow these steps to configure centralized MAC authentication:

To do... Use the command... Remarks

Enter system view system-view -

Enable MAC

authentication globally

mac-authentication Required

Disabled by default

Enable MAC

authentication for

specified ports

mac-authentication interface

interface-list

Required

Disabled by default

interface interface-type

interface-number

mac-authentication

Specify the ISP domain for

MAC authentication

mac-authentication domain

isp-name

Optional

The default ISP domain

(system) is used by default.

Set the offline detect

timer

mac-authentication timer

offline-detect

offline-detect-value

Optional

Interval of detecting whether

the user is offline

300 seconds by default

Set the quiet timer mac-authentication timer

quiet quiet-value

Optional

When user authentication

fails, the device will be quiet

for a period of time before

reinitiating the authentication.

One minute by default