1-2Local MAC AuthenticationIn local MAC authentication, the device performs authentication of users locally and different itemsneed to be manually configured for users on the device according to the specified type of username:z If the type of username is MAC address, a local user must be configured for each user on thedevice, using the MAC address of the accessing user as both the username and password.z If the type of username is fixed username, a single username and optionally a single password arerequired for the device to authenticate all users.Related ConceptsMAC Authentication TimersThe following timers function in the process of MAC authentication:z Offline detect timer: At this interval, the device checks to see whether there is traffic from a user.Once detecting that there is no traffic from a user within this interval, the device logs the user outand sends to the RADIUS server a stop accounting request.z Quiet timer: Whenever a user fails MAC authentication, the device does not perform MACauthentication of the user during such a period.z Server timeout timer: During authentication of a user, if the device receives no response from theRADIUS server in this period, it assumes that its connection to the RADIUS server has timed outand forbids the user to access the network.Quiet MAC AddressWhen a user fails MAC authentication, the MAC address becomes a quiet MAC address, which meansthat any packets from the MAC address will be discarded silently by the device until the quiet timerexpires. This prevents the device from authenticating an illegal user repeatedly in a short time.If a quiet MAC address is the same as a static MAC address configured or an MAC address that haspassed another type of authentication, the quiet function does not take effect.VLAN AssigningFor separation of users from restricted network resources, users and restricted resources are usuallyput into different VLANs. After a user passes identity authentication, the authorization server assigns tothe user the VLAN where the restricted resources reside as an authorized VLAN, and the port throughwhich the user accesses the device will be assigned to the authorized VLAN. As a result, the user canaccess those restricted network resources.Guest VLAN of MAC AuthenticationGuest VLAN allows unauthenticated users to access a specified VLAN, where the users can, forexample, download or upgrade the client software, or execute some user upgrade programs. ThisVLAN is called the guest VLAN.