5-2Related ConceptsMAC Authentication TimersThe following timers function in the process of MAC authentication:z Offline detect timer: At this interval, the device checks to see whether there is traffic from a user.Once detecting that there is no traffic from a user within this interval, the device logs the user outand sends to the RADIUS server a stop accounting request.z Quiet timer: Whenever a user fails MAC authentication, the device does not perform MACauthentication of the user during such a period.z Server timeout timer: During authentication of a user, if the device receives no response from theRADIUS server in this period, it assumes that its connection to the RADIUS server has timed outand forbids the user to access the network.Quiet MAC AddressWhen a user fails MAC authentication, the MAC address becomes a quiet MAC address, which meansthat any packets from the MAC address will be discarded silently by the device until the quiet timerexpires. This prevents the device from authenticating an illegal user repeatedly in a short time.If a quiet MAC address is the same as a static MAC address configured or an MAC address that haspassed another type of authentication, the quiet function does not take effect.VLAN AssigningFor separation of users from restricted network resources, users and restricted resources are usuallyput into different VLANs. After a user passes identity authentication, the authorization server assigns tothe user the VLAN where the restricted resources reside as an authorized VLAN, and the port throughwhich the user accesses the device will be assigned to the authorized VLAN. As a result, the user canaccess those restricted network resources.ACL AssigningACLs assigned by an authorization server are referred to as authorization ACLs, which are designed tocontrol access to network resources. If the RADIUS server is configured with authorization ACLs, thedevice will permit or deny data flows traversing through the port through which a user accesses thedevice according to the authorization ACLs. You can change access rights of users by modifyingauthorization ACL settings on the RADIUS server.Configuring MAC AuthenticationConfiguration Prerequisitesz Create and configure an ISP domain.z For local authentication, create the local users and configure the passwords.