No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configurations of User Access and Authentication Configuration, including AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring Re-authentication for MAC Address Authentication Users

(Optional) Configuring Re-authentication for MAC Address Authentication Users

Context

If the administrator modifies user information on the authentication server, parameters such as the user access permission and authorization attribute are changed. If a user has passed MAC address authentication, you must re-authenticate the user to ensure user validity.

After the user goes online, the device saves user authentication information. After re-authentication is enabled for MAC address authentication users, the device sends the saved authentication information of the online user to the authentication server for re-authentication. If the user's authentication information does not change on the authentication server, the user is kept online. If the authentication information has been changed, the user is forced to go offline, and then re-authenticated according to the changed authentication information.

You can configure re-authentication for MAC address authentication users using either of the following methods:
  • Re-authenticate all online MAC address authentication users on a specified interface at an interval.
  • Re-authenticate the online user once with a specified MAC address.

Procedure

  • Re-authenticate all online MAC address authentication users on a specified interface at an interval.
    1. Run system-view

      The system view is displayed.

    2. Enable periodic re-authentication for all online MAC address authentication users on the specified interface in the system or interface view.

      • In the system view:

      1. Run mac-authen reauthenticate interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

        Periodic re-authentication is enabled for all online MAC address authentication users on the specified interface.

      • In the interface view:

      1. Run interface interface-type interface-number

        The interface view is displayed.

      2. Run mac-authen reauthenticate

        Periodic re-authentication is enabled for all online MAC address authentication users on the specified interface.

      3. Run quit

        Return to the system view.

      By default, periodic re-authentication is enabled for all online MAC address authentication users on the specified interface.

    3. (Optional) Set the re-authentication interval for online MAC address authentication users in the system or interface view.

      NOTE:

      Generally, the default re-authentication interval is recommended. If many ACL rules need to be delivered during user authorization, to improve the device processing performance, you are advised to disable re-authentication or increase the re-authentication internal. When remote authentication and authorization are used and a short re-authentication interval is used, the CPU usage may become high.

      • In the system view:

      1. Run the mac-authen timer reauthenticate-period reauthenticate-period-value command to set the re-authentication interval for online MAC address authentication users.

      • In the interface view:

      1. Run the interface interface-type interface-number command to enter the interface view.
      2. Run the mac-authen timer reauthenticate-period reauthenticate-period-value command to set the re-authentication interval for online MAC address authentication users.

      The default re-authentication interval for MAC address authentication users in the system view is 1800 seconds, and the re-authentication interval in the interface view is the same as the re-authentication interval configured in the system view.

  • Configure re-authentication for an online MAC address authentication user with a specified MAC address.
    1. Run system-view

      The system view is displayed.

    2. Run mac-authen reauthenticate mac-address mac-address

      Re-authentication is enabled for the online MAC address authentication user with the specified MAC address.

      By default, re-authentication for an online MAC address authentication user with a specified MAC address is disabled.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100066170

Views: 20652

Downloads: 6

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next