Configuring MAC authentication timers
MAC authentication uses the following timers:
Offline detect timer—Sets the interval that the device waits for traffic from a user before the device regards the user idle. If a user connection has been idle within the interval, the device logs the user out and stops accounting for the user. In Release 1121 and later, this timer takes effect when the MAC authentication offline detection feature is enabled.
After you set the offline detect timer, assign the same value to the MAC address aging timer by using the mac-address timer command. This operation prevents a MAC authenticated user from being offline within the offline detect timer due to MAC address entry expiration.
Quiet timer—Sets the interval that the device must wait before the device can perform MAC authentication for a user who has failed MAC authentication. All packets from the MAC address are dropped during the quiet time. This quiet mechanism prevents repeated authentication from affecting system performance.
Server timeout timer—Sets the interval that the device waits for a response from a RADIUS server before the device regards the RADIUS server unavailable. If the timer expires during MAC authentication, the user cannot access the network.
To configure MAC authentication timers:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure MAC authentication timers. | mac-authentication timer { offline-detect offline-detect-value | quiet quiet-value | server-timeout server-timeout-value } | By default, the offline detect timer is 300 seconds, the quiet timer is 60 seconds, and the server timeout timer is 100 seconds. |