Configuration Condition
None
Configure Max. Users of the Interface
When the number of authenticated users on an interface reaches the configured threshold, the authentication system does not respond to authentication requests from new users. The maximum number of users ranges from 1 to 4096 on an L2 interface and from 1 to 500 on an L3 interface.
Table 13-12 Configure the maximum users of the interface

| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | configure terminal | - |
| Enter the L2 Ethernet interface configuration mode | interface interface-name | Either. After entering the L2 Ethernet interface configuration mode, the subsequent configuration takes effect only on the current interface. After entering the aggregation group configuration mode, the subsequent configuration takes effect only on the aggregation group. After entering the interface configuration mode, the subsequent configuration takes effect only on the current interface. |
| Enter the aggregation group configuration mode | interface link-aggregation link-aggregation-id | Either |
| Configure the maximum users of the interface | authentication max-user-num max-user-num-value | Mandatory. By default, the maximum number of users permitted to connect on the interface is 256. |
On an L2 interface, the access control mode must be configured as user-based (Macbased). Otherwise, the configured maximum number of users does not take effect.
Configure User Authentication Transfer Function
The user authentication transferring function applies when the same user moves from one authentication port of a device to another authentication port of the same device. When the function is disabled, a user who has been authenticated on one port of the device is not allowed to initiate authentication on another authentication port of that device. When the function is enabled and the device detects that an authenticated user has moved to another authentication port, it first deletes the authentication information on the original port and then allows the user to initiate authentication on the new port.
Whether or not the user authentication transferring function is enabled, the device records a log entry when it detects that a user moves between authentication ports.
Table 13-13 Configure the user authentication transferring function

| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | configure terminal | - |
| Enter the L2 Ethernet interface configuration mode | interface interface-name | Either. After entering the L2 Ethernet interface configuration mode, the subsequent configuration takes effect only on the current interface. After entering the aggregation group configuration mode, the subsequent configuration takes effect only on the aggregation group. After entering the interface configuration mode, the subsequent configuration takes effect only on the current interface. |
| Enter the aggregation group configuration mode | interface link-aggregation link-aggregation-id | Either |
| Enter the interface configuration mode | interface interface-name | Either |
| Configure the user authentication migration function | authentication station-move { enable \| disable } | Mandatory. By default, the user authentication migration function is disabled. |
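The station-move behaviour described above, as an added Python model (not vendor code and not part of the original manual). It assumes a user is identified by MAC address and that the authentication server always accepts the credentials; the port names and MAC address are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class PortalDevice:
    """Toy model of one device's authenticated-user table."""
    station_move: bool = False                     # manual default: disabled
    sessions: dict = field(default_factory=dict)   # user id -> authenticated port
    log: list = field(default_factory=list)        # one entry per detected move

    def authenticate(self, user: str, port: str) -> bool:
        """Return True if the user ends up authenticated on `port`."""
        old = self.sessions.get(user)
        if old is not None and old != port:
            # The move is logged whether or not station-move is enabled,
            # so this log is the place to watch for unexpected port changes.
            outcome = "allowed" if self.station_move else "refused"
            self.log.append((user, old, port, outcome))
            if not self.station_move:
                return False               # session stays bound to the original port
            del self.sessions[user]        # delete state on the original port first
        self.sessions[user] = port         # then authenticate on the new port
        return True


def demo() -> dict:
    """Move the same constructed user from port-A to port-B in both modes."""
    user = "00:11:22:33:44:55"             # constructed MAC address
    results = {}
    for name, enabled in (("disabled", False), ("enabled", True)):
        dev = PortalDevice(station_move=enabled)
        first = dev.authenticate(user, "port-A")
        second = dev.authenticate(user, "port-B")
        results[name] = (first, second, dev.sessions[user], dev.log)
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```
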
Configure Whether to Carry Domain Name
In some scenarios, the client automatically appends the domain name to the user name when it initiates authentication, and a user name that carries the domain name fails to authenticate on the authentication server. To avoid this, the authentication device can be configured to either carry or omit the domain name in the user name that it sends to the authentication server.
Table 13-14 Configure whether to carry the domain name

| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | configure terminal | - |
| Enter the L2 Ethernet interface configuration mode | interface interface-name | Either. After entering the L2 Ethernet interface configuration mode, the subsequent configuration takes effect only on the current interface. After entering the aggregation group configuration mode, the subsequent configuration takes effect only on the aggregation group. After entering the interface configuration mode, the subsequent configuration takes effect only on the current interface. |
| Enter the aggregation group configuration mode | interface link-aggregation link-aggregation-id | Either |
| Enter the interface configuration mode | interface interface-name | Either |
| Configure whether to carry the domain name | portal user-name-format { with-domain \| without-domain } | Mandatory. By default, the domain name is carried. |
Configure Timer Parameters
On an interface, the timer parameters are the authenticating timeout timer, the authenticated timeout timer, the idle detection timer, and the quiet timer.
Authenticating timeout timer (authenticating-period): Started when a client packet is detected. If the timer expires and there is no authentication result, the client is deleted.
Authenticated timeout timer (authenticated-period): Started when the client is authenticated successfully. When the timer expires, the authenticated client information is forcibly deleted.
Idle detection timer (idle-period): Started when the client is authenticated successfully. When the client is detected to be offline, the authenticated client information is forcibly deleted.
Quiet timer (quiet-period): Started after a client fails authentication. After the quiet timer expires, the authentication device responds to the client's authentication requests again.
New timer values apply only to users who authenticate afterwards; they do not apply to users who are already online.
Table 13-15 Configure the timer parameters

| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | configure terminal | - |
| Enter the L2 Ethernet interface configuration mode | interface interface-name | Either. After entering the L2 Ethernet interface configuration mode, the subsequent configuration takes effect only on the current interface. After entering the aggregation group configuration mode, the subsequent configuration takes effect only on the aggregation group. After entering the interface configuration mode, the subsequent configuration takes effect only on the current interface. |
| Enter the aggregation group configuration mode | interface link-aggregation link-aggregation-id | Either |
| Enter the interface configuration mode | interface interface-name | Either |
| Configure the timer parameters | portal timeout { authenticating-period authenticating-period-value \| authenticated-period authenticated-period-value \| idle-period idle-period-value \| quiet-period quiet-period-value } | Mandatory. By default, the time of the authenticating timeout timer is 120s, and the value range is 15-300; the time of the authenticated timeout timer is 3600s, and the value range is 300-864000; the time of the idle detection timer is 300s, and the value is 0 or 180-1800; the quiet time is 60, and the value range is 15-3600. |
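One way to audit a saved configuration against the timer defaults and ranges in Table 13-15, as an added Python example (not vendor tooling and not part of the original manual). The interface name `gigabitethernet0/1` and the sample configuration are constructed, and treating an out-of-range value as "not applied" is an assumption of this model.

```python
import re

# name: (default in seconds, check for allowed values), from Table 13-15
TIMERS = {
    "authenticating-period": (120, lambda v: 15 <= v <= 300),
    "authenticated-period": (3600, lambda v: 300 <= v <= 864000),
    "idle-period": (300, lambda v: v == 0 or 180 <= v <= 1800),  # 0 is a special value
    "quiet-period": (60, lambda v: 15 <= v <= 3600),
}
TIMEOUT_LINE = re.compile(r"^\s*portal timeout (\S+) (\d+)\s*$")

# Constructed sample configuration; interface names are illustrative only.
SAMPLE = """\
interface gigabitethernet0/1
 portal timeout idle-period 100
 portal timeout quiet-period 30
interface link-aggregation 1
 portal timeout authenticated-period 7200
 portal timeout idle-period 0
"""


def audit(config: str):
    """Return ({interface: effective timers}, [problems]) for a config text."""
    effective, problems, current = {}, [], None
    for n, raw in enumerate(config.splitlines(), 1):
        if raw.strip().startswith("interface "):
            current = raw.strip().split(None, 1)[1]
            # Every interface starts from the documented defaults.
            effective[current] = {k: d for k, (d, _) in TIMERS.items()}
            continue
        m = TIMEOUT_LINE.match(raw)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if current is None:
            problems.append(f"line {n}: portal timeout outside interface mode")
        elif name not in TIMERS:
            problems.append(f"line {n}: unknown timer {name}")
        elif not TIMERS[name][1](value):
            problems.append(f"line {n}: {name} {value} is out of range")
        else:
            effective[current][name] = value
    return effective, problems


if __name__ == "__main__":
    timers, issues = audit(SAMPLE)
    print(timers)
    print(issues)
```
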
Configure Authentication Method List
Configure the authentication method list used by the Portal user. When the user name of the Portal user carries the domain name, use the authentication method list specified by the domain name. When the user name of the Portal user does not carry the domain name, use the configured authentication method list.
Table 13-16 Configure the authentication method list

| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | configure terminal | - |
| Configure the connection authentication method list | portal authentication method-list { default \| list-name } | Optional. By default, use the default authentication method list. |
Configure Statistics Method List
Configure the statistics method list used by the Portal user. When the user name of the Portal user carries the domain name, use the statistics method list specified by the domain name; when the user name of the Portal user does not carry the domain name, use the configured statistics method list.
Table 13-17 Configure the statistics method list

| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | configure terminal | - |
| Configure the connection statistics method list | portal accounting method-list { default \| list-name } | Optional. By default, use the default statistics method list. |