Article ID: 12933
Products
Matrix N-Series DFE
S-Series
Changes
Enabled MAC Authentication ('
code:set macauthentication...
', '
', '
').
Users on one or more ports have failed authentication, for any reason.
Symptoms
Authentication continues to fail for those users (= MACs), unless the failure is cleared from the port.
Cause
Failed authentications (rejects received from the RADIUS server) are treated differently than other types of failures (timeouts, resource issues, etc.). The macauthentication quiet period is the key here and is set to
by default.
indicates "wait forever regardless of the port state transitions". If you set the quiet period to some other value you will see the same MAC that previously failed try to auth again after that period.
Solution/Workaround
Functions as Designed (FAD).
In operational networks, the quiet period is normally left at its default value. This is because machine-type authentications rarely fail, and when they do, there is usually a good reason - such as an unauthorized user attempting to gain network access.
However, manipulation of this parameter can be helpful during MAC Authentication testing and deployment, to help speed up that process.
To attempt
reauthentication on a port, after some period of time:
code:set macauthentication quietperiod
To clear a prior failure that has already occurred on the same port while
:
code:clear multiauth station port
See also:
7664.
