N/S-Series MAC Authentication Failures will not Retry with Default Quietperiod
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-15-2014 11:31 AM
Article ID: 12933
Products
Matrix N-Series DFE
S-Series
Changes
Enabled MAC Authentication ('
Users on one or more ports have failed authentication, for any reason.
Symptoms
Authentication continues to fail for those users (= MACs), unless the failure is cleared from the port.
Cause
Failed authentications (rejects received from the RADIUS server) are treated differently than other types of failures (timeouts, resource issues, etc.). The macauthentication quiet period is the key here and is set to
Solution/Workaround
Functions as Designed (FAD).
In operational networks, the quiet period is normally left at its default value. This is because machine-type authentications rarely fail, and when they do, there is usually a good reason - such as an unauthorized user attempting to gain network access.
However, manipulation of this parameter can be helpful during MAC Authentication testing and deployment, to help speed up that process.
To attempt reauthentication on a port, after some period of time:
To clear a prior failure that has already occurred on the same port while
See also: 7664.
Products
Matrix N-Series DFE
S-Series
Changes
Enabled MAC Authentication ('
code:
', 'set macauthentication...
code:
', 'set radius...
code:
').set multiauth...
Users on one or more ports have failed authentication, for any reason.
Symptoms
Authentication continues to fail for those users (= MACs), unless the failure is cleared from the port.
Cause
Failed authentications (rejects received from the RADIUS server) are treated differently than other types of failures (timeouts, resource issues, etc.). The macauthentication quiet period is the key here and is set to
code:
by default. 0
code:
indicates "wait forever regardless of the port state transitions". If you set the quiet period to some other value you will see the same MAC that previously failed try to auth again after that period.0
Solution/Workaround
Functions as Designed (FAD).
In operational networks, the quiet period is normally left at its default value. This is because machine-type authentications rarely fail, and when they do, there is usually a good reason - such as an unauthorized user attempting to gain network access.
However, manipulation of this parameter can be helpful during MAC Authentication testing and deployment, to help speed up that process.
To attempt reauthentication on a port, after some period of time:
code:
set macauthentication quietperiod
To clear a prior failure that has already occurred on the same port while
code:
:quietperiod=0
code:
clear multiauth station port
See also: 7664.
0 REPLIES 0
