Operation Manual – 802.1x-HABP-MAC Authentication
H3C S3610&S5510 Series Ethernet Switches
Chapter 4 MAC Authentication Configuration
4-2
If the authentication succeeds, the user will be granted permission to access the
network resources.
4.1.2 Local MAC Authentication
In local MAC authentication, the device performs authentication of users locally and
different items need to be manually configured for users on the device according to the
type of MAC authentication username:
z
If the type of MAC authentication username is MAC address, a local user must be
configured for each user on the device, using the MAC address of the user as both
the username and password.
z
If the type of MAC authentication username is fixed username, a single username
and optionally a single password are required for the device to authenticate all
users.
4.2 Related Concepts
4.2.1 MAC Authentication Timers
The following timers function in the process of MAC authentication:
z
Offline detect timer: At this interval, the device checks to see whether an online
user has gone offline. Once detecting that a user becomes offline, the device
sends to the RADIUS server a stop accounting notice.
z
Quiet timer: Whenever a user fails MAC authentication, the device does not initiate
any MAC authentication of the user during such a period.
z
Server timeout timer: During authentication of a user, if the device receives no
response from the RADIUS server in this period, it assumes that its connection to
the RADIUS server has timed out and forbids the user from accessing the
network.
4.2.2 Quiet MAC Address
When a user fails MAC authentication, the MAC address becomes a quiet MAC
address, which means that any packets from the MAC address will be discarded simply
by the device until the quiet timer expires. This prevents the device from authenticating
invalid users repeatedly in a short time.