Configuring periodic MAC reauthentication

Restrictions and guidelines

The device selects a periodic reauthentication timer for MAC reauthentication in the following order:

  1. Server-assigned reauthentication timer.

  2. Port-specific reauthentication timer.

  3. Global reauthentication timer.

  4. Default reauthentication timer.

Any modification to the MAC authentication domain or user account format setting does not affect the reauthentication of online MAC authentication users. The modified setting takes effect only on MAC authentication users that come online after the modification.

Procedure

  1. Enter system view.

    system-view

  2. Set the periodic MAC reauthentication timer.

    • Set a global periodic reauthentication timer.

      mac-authentication timer reauth-period reauth-period-value

      The default setting is 3600 seconds.

    • Execute the following commands in sequence to set a port-specific periodic reauthentication timer:

      interface interface-type interface-number

      mac-authentication timer reauth-period reauth-period-value

      quit

      By default, no periodic MAC reauthentication timer is set on a port. The port uses the global periodic MAC reauthentication timer.

  3. Enter interface view.

    interface interface-type interface-number

  4. Enable periodic MAC reauthentication.

    mac-authentication re-authenticate

    By default, periodic MAC reauthentication is disabled on a port.

  5. (Optional.) Enable the keep-online feature for authenticated MAC authentication users on the port.

    mac-authentication re-authenticate server-unreachable keep-online

    By default, the keep-online feature is disabled. The device logs off online MAC authentication users if no server is reachable for MAC reauthentication.

    In a fast-recovery network, you can use the keep-online feature to prevent MAC authentication users from coming online and going offline frequently.