Configuring periodic MAC reauthentication
Restrictions and guidelines
The device selects a periodic reauthentication timer for MAC reauthentication in the following order:
Server-assigned reauthentication timer.
Port-specific reauthentication timer.
Global reauthentication timer.
Default reauthentication timer.
Any modification to the MAC authentication domain or user account format setting does not affect the reauthentication of online MAC authentication users. The modified setting takes effect only on MAC authentication users that come online after the modification.
Procedure
Enter system view.
system-view
Set the periodic MAC reauthentication timer.
Set a global periodic reauthentication timer.
mac-authentication timer reauth-period reauth-period-value
The default setting is 3600 seconds.
Execute the following commands in sequence to set a port-specific periodic reauthentication timer:
interface interface-type interface-number
mac-authentication timer reauth-period reauth-period-value
quit
By default, no periodic MAC reauthentication timer is set on a port. The port uses the global periodic MAC reauthentication timer.
Enter interface view.
interface interface-type interface-number
Enable periodic MAC reauthentication.
mac-authentication re-authenticate
By default, periodic MAC reauthentication is disabled on a port.
(Optional.) Enable the keep-online feature for authenticated MAC authentication users on the port.
mac-authentication re-authenticate server-unreachable keep-online
By default, the keep-online feature is disabled. The device logs off online MAC authentication users if no server is reachable for MAC reauthentication.
In a fast-recovery network, you can use the keep-online feature to prevent MAC authentication users from coming online and going offline frequently.