(Optional) Configuring Re-authentication for MAC Address Authentication Users

Context

If the administrator modifies user information on the authentication server, parameters such as the user access permission and authorization attribute are changed. If a user has passed MAC address authentication, you must re-authenticate the user to ensure user validity.

After the user goes online, the device saves user authentication information. After re-authentication is enabled for MAC address authentication users, the device sends the saved authentication information of the online user to the authentication server for re-authentication. If the user's authentication information does not change on the authentication server, the user is kept online. If the authentication information has been changed, the user is forced to go offline, and then re-authenticated according to the changed authentication information.

You can configure re-authentication for MAC address authentication users using either of the following methods:

Re-authenticate all online MAC address authentication users on a specified interface at an interval.
Re-authenticate the online user once with a specified MAC address.

Procedure

Re-authenticate all online MAC address authentication users on a specified interface at an interval.
1. Run system-view
  The system view is displayed.
2. Enable periodic re-authentication for all online MAC address authentication users on the specified interface in the system or interface view.
  - In the system view:
  1. Run mac-authen reauthenticate interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>
    Periodic re-authentication is enabled for all online MAC address authentication users on the specified interface.
  - In the interface view:
  1. Run interface interface-type interface-number
    The interface view is displayed.
  2. Run mac-authen reauthenticate
    Periodic re-authentication is enabled for all online MAC address authentication users on the specified interface.
  3. Run quit
    Return to the system view.
  By default, periodic re-authentication is enabled for all online MAC address authentication users on the specified interface.
3. (Optional) Set the re-authentication interval for online MAC address authentication users in the system or interface view.
  
  Generally, the default re-authentication interval is recommended. If many ACL rules need to be delivered during user authorization, to improve the device processing performance, you are advised to disable re-authentication or increase the re-authentication internal. When remote authentication and authorization are used and a short re-authentication interval is used, the CPU usage may become high.
  - In the system view:
  1. Run the mac-authen timer reauthenticate-period reauthenticate-period-value command to set the re-authentication interval for online MAC address authentication users.
  - In the interface view:
  1. Run the interface interface-type interface-number command to enter the interface view.
  2. Run the mac-authen timer reauthenticate-period reauthenticate-period-value command to set the re-authentication interval for online MAC address authentication users.
  The default re-authentication interval for MAC address authentication users in the system view is 1800 seconds, and the re-authentication interval in the interface view is the same as the re-authentication interval configured in the system view.
Configure re-authentication for an online MAC address authentication user with a specified MAC address.
1. Run system-view
  The system view is displayed.
2. Run mac-authen reauthenticate mac-address mac-address
  Re-authentication is enabled for the online MAC address authentication user with the specified MAC address.
  
  By default, re-authentication for an online MAC address authentication user with a specified MAC address is disabled.