Operation Manual – MAC Address AuthenticationH3C S5100-SI/EI Series Ethernet SwitchesChapter 1 MAC Address AuthenticationConfiguration1-2z In fixed mode, the switch sends the user name and password previouslyconfigured for the user to the RADIUS server for authentication.A user can access a network upon passing the authentication performed by theRADIUS server.1.1.2 Performing MAC Address Authentication LocallyWhen authentications are performed locally, users are authenticated by switches. Inthis case,z In MAC address mode, the local user name to be configured is the MAC addressof an access user, while the password may be the MAC address of the user or thefixed password configured (which is used depends on your configuration).Hyphens must or must not be included depending on the format configured withthe mac-authentication authmode usernameasmacaddress usernameformatcommand; otherwise, the authentication will fail.z In fixed mode, all users’ MAC addresses are automatically mapped to theconfigured local passwords and usernames.z The service type of a local user needs to be configured as lan-access.1.2 Related Concepts1.2.1 MAC Address Authentication TimersThe following timers function in the process of MAC address authentication:z Offline detect timer: At this interval, the switch checks to see whether an onlineuser has gone offline. Once detecting that a user becomes offline, the switchsends a stop-accounting notice to the RADIUS server.z Quiet timer: Whenever a user fails MAC address authentication, the switch doesnot initiate any MAC address authentication of the user during a period defined bythis timer.z Server timeout timer: During authentication of a user, if the switch receives noresponse from the RADIUS server in this period, it assumes that its connection tothe RADIUS server has timed out and forbids the user from accessing thenetwork.1.2.2 Quiet MAC AddressWhen a user fails MAC address authentication, the MAC address becomes a quietMAC address, which means that any packets from the MAC address will be discardedsimply by the switch until the quiet timer expires. This prevents an invalid user frombeing authenticated repeatedly in a short time.