Configuring MAC authentication timers
About MAC authentication timers
MAC authentication uses the following timers:
Offline detect timer—Sets the interval that the device waits for traffic from a user before the device regards the user as idle. When the offline detection feature is enabled, the device logs off the user and requests to stop accounting for the user after the timer expires.
Quiet timer—Sets the interval that the device must wait before the device can perform MAC authentication for a user that has failed MAC authentication. All packets from the MAC address are dropped during the quiet time. This quiet mechanism prevents repeated authentication from affecting system performance.
Server timeout timer—Sets the interval that the device waits for a response from a RADIUS server before the device regards the RADIUS server unavailable. If the timer expires during MAC authentication, MAC authentication fails.
Restrictions and guidelines
To avoid forcible user logoffs before the server timeout timer expires, set the server timeout timer to a value not more than the product of the following values:
The maximum number of RADIUS packet transmission attempts set by using the retry command in RADIUS scheme view.
The RADIUS server response timeout period set by using the timer response-timeout command in RADIUS scheme view.
For information about setting the maximum number of RADIUS packet transmission attempts and the RADIUS server response timeout period, see "Configuring AAA."
Procedure
Enter system view.
system-view
Configure MAC authentication timers.
mac-authentication timer { offline-detect offline-detect-value | quiet quiet-value | server-timeout server-timeout-value }
By default, the offline detect timer is 300 seconds, the quiet timer is 60 seconds, and the server timeout timer is 100 seconds.