S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes User Access and Authentication configuration, including AAA, NAC, and Policy Association.
Configuring the Quiet Function

Context

If a user frequently fails NAC authentication within a short period, system performance will be affected, and brute force attacks on the user name and password may occur.

After the quiet function is enabled, if the number of authentication failures for a user within 60 seconds exceeds the upper limit, the device discards that user's authentication request packets for a period of time (the quiet period) to avoid frequent authentication failures.

NOTE:

When the number of quiet entries reaches the maximum number, the device does not allow new users who are not in the quiet table to access the network.

Procedure

  • Configure the quiet function for 802.1X authentication users.

    1. Run system-view

      The system view is displayed.

    2. Run dot1x quiet-period

      The quiet function is enabled for 802.1X authentication users.

      By default, the quiet function is enabled for 802.1X authentication users.

    3. (Optional) Run dot1x quiet-times fail-times

      The maximum number of authentication failures within 60 seconds before the device quiets an 802.1X authentication user is configured.

      By default, the maximum number of authentication failures is 10.

    4. (Optional) Run dot1x timer quiet-period quiet-period-value

      The quiet period is configured for 802.1X authentication users who fail to be authenticated.

      By default, the quiet period is 60 seconds for 802.1X authentication users who fail to be authenticated.

  • Configure the quiet function for MAC address authentication users.

    NOTE:

    The quiet function for MAC address authentication users takes effect only after both of the following are done: the pre-connection function is disabled using the undo authentication pre-authen-access enable command, and the device is prevented from assigning network access rights to users in each phase before authentication succeeds using the undo authentication event action authorize command. The quiet function does not take effect for MAC address authentication users in multi-mode authentication.

    1. Run system-view

      The system view is displayed.

    2. (Optional) Run mac-authen quiet-times fail-times

      The maximum number of authentication failures within 60 seconds before the device quiets a MAC address authentication user is configured.

      By default, the maximum number of authentication failures is 10.

    3. Run mac-authen timer quiet-period quiet-period-value

      The quiet period is configured for MAC address authentication users who fail to be authenticated.

      By default, the quiet period is 60 seconds for MAC address authentication users who fail to be authenticated. If the value of quiet-period-value is 0, the quiet function is disabled for MAC address authentication users.

  • Configure the quiet function for Portal authentication users.

    1. Run system-view

      The system view is displayed.

    2. Run portal quiet-period

      The quiet function is enabled for Portal authentication users.

      By default, the quiet function is enabled for Portal authentication users.

    3. (Optional) Run portal quiet-times fail-times

      The maximum number of authentication failures within 60 seconds before the device quiets a Portal authentication user is configured.

      By default, the maximum number of authentication failures is 10.

    4. (Optional) Run portal timer quiet-period quiet-period-value

      The quiet period is configured for Portal authentication users who fail to be authenticated.

      By default, the quiet period is 60 seconds for Portal authentication users who fail to be authenticated.
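How the 60-second failure window, fail-times and the quiet period interact, as an added Python model (not Huawei code and not the device's implementation). It assumes a user is quieted once failures exceed fail-times, following the wording in Context; max_entries and the non-default values are constructed for the model.

```python
from dataclasses import dataclass, field

WINDOW = 60  # seconds: the fixed failure-counting window stated on the page


@dataclass
class QuietTable:
    fail_times: int = 10    # page default for "quiet-times fail-times"
    quiet_period: int = 60  # page default for "timer quiet-period", in seconds
    max_entries: int = 256  # constructed: the page gives no quiet table size
    failures: dict = field(default_factory=dict)     # user -> failure times
    quiet_until: dict = field(default_factory=dict)  # user -> entry expiry time

    def request(self, user, now, ok):
        """Return 'accept', 'reject' or 'drop' for one authentication request."""
        # Age out quiet entries whose quiet period has ended.
        self.quiet_until = {u: t for u, t in self.quiet_until.items() if t > now}
        if user in self.quiet_until:
            return "drop"  # quieted: the request packet is discarded
        if len(self.quiet_until) >= self.max_entries:
            return "drop"  # table full: users not in the table are refused
        if ok:
            self.failures.pop(user, None)
            return "accept"
        recent = [t for t in self.failures.get(user, []) if now - t < WINDOW]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) > self.fail_times:  # "exceeds the upper limit"
            self.quiet_until[user] = now + self.quiet_period
            del self.failures[user]
        return "reject"


def evaluated_failures(table, user, seconds):
    """Wrong-credential requests the device still evaluates when one
    arrives every second for `seconds` seconds (the rest are dropped)."""
    return sum(table.request(user, t, ok=False) == "reject" for t in range(seconds))


if __name__ == "__main__":
    print(evaluated_failures(QuietTable(), "user-a", 3600))
    print(evaluated_failures(QuietTable(fail_times=3, quiet_period=600), "user-a", 3600))
```

With one failed request per second for an hour, the model evaluates 572 requests under the default settings and 24 with fail-times 3 and a 600-second quiet period. A full quiet table also drops requests from users who have never failed, which is the behaviour the NOTE in Context describes.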

Updated: 2019-04-20

Document ID: EDOC1100066170
