
Configuring the Quiet Function

Context

If a user frequently fails NAC authentication within a short period, system performance will be affected, and brute force attacks on the user name and password may occur.

After the quiet function is enabled, if the number of times that a user fails to be authenticated within 60 seconds exceeds the upper limit, the device discards the user's authentication request packets for the quiet period to avoid frequent authentication failures.

When the number of quiet entries reaches the maximum number, the device does not allow new users who are not in the quiet table to access the network.

Procedure

  • Configure the quiet function for 802.1X authentication users.

    1. Run system-view

      The system view is displayed.

    2. Run dot1x quiet-period

      The quiet function is enabled for 802.1X authentication users.

      By default, the quiet function is enabled for 802.1X authentication users.

    3. (Optional) Run dot1x quiet-times fail-times

      The maximum number of authentication failures within 60 seconds before the device quiets an 802.1X authentication user is configured.

      By default, the maximum number of authentication failures is 10.

    4. (Optional) Run dot1x timer quiet-period quiet-period-value

      The quiet period is configured for 802.1X authentication users who fail to be authenticated.

      By default, the quiet period is 60 seconds for 802.1X authentication users who fail to be authenticated.

  • Configure the quiet function for MAC address authentication users.

    The quiet function for MAC address authentication users takes effect only after both of the following have been done: the pre-connection function is disabled using the undo authentication pre-authen-access enable command, and the device is prevented from assigning network access rights to users in each phase before authentication succeeds using the undo authentication event action authorize command. In multi-mode authentication of MAC address authentication users, the quiet function for MAC address authentication users does not take effect.

    1. Run system-view

      The system view is displayed.

    2. (Optional) Run mac-authen quiet-times fail-times

      The maximum number of authentication failures within 60 seconds before the device quiets a MAC address authentication user is configured.

      By default, the maximum number of authentication failures is 10.

    3. Run mac-authen timer quiet-period quiet-period-value

      The quiet period is configured for MAC address authentication users who fail to be authenticated.

      By default, the quiet period is 60 seconds for MAC address authentication users who fail to be authenticated. If the value of quiet-period-value is 0, the quiet function is disabled for MAC address authentication users.

  • Configure the quiet function for Portal authentication users.

    1. Run system-view

      The system view is displayed.

    2. Run portal quiet-period

      The quiet function is enabled for Portal authentication users.

      By default, the quiet function is enabled for Portal authentication users.

    3. (Optional) Run portal quiet-times fail-times

      The maximum number of authentication failures within 60 seconds before the device quiets a Portal authentication user is configured.

      By default, the maximum number of authentication failures is 10.

    4. (Optional) Run portal timer quiet-period quiet-period-value

      The quiet period is configured for Portal authentication users who fail to be authenticated.

      By default, the quiet period is 60 seconds for Portal authentication users who fail to be authenticated.
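The following check is an added example, not part of the original documentation or any vendor tool: it reads a planned command list and reports the effective quiet settings for each authentication type, using the defaults and the MAC address authentication preconditions stated above. It assumes one command per line, written exactly as in this procedure; the function name, the sample commands and their values are constructed for illustration.

```python
import re

# Defaults stated in the procedure for 802.1X, MAC address and Portal users.
DEFAULT_FAIL_TIMES = 10
DEFAULT_QUIET_PERIOD = 60  # seconds

PREFIXES = {"802.1X": "dot1x", "MAC": "mac-authen", "Portal": "portal"}

# Per the procedure, MAC quiet takes effect only after both commands are run.
MAC_PREREQS = (
    "undo authentication pre-authen-access enable",
    "undo authentication event action authorize",
)


def audit_quiet(command_text):
    """Return effective quiet settings and findings per authentication type."""
    lines = [ln.strip() for ln in command_text.splitlines() if ln.strip()]
    report = {}
    for auth, prefix in PREFIXES.items():
        fail_times, period, findings = DEFAULT_FAIL_TIMES, DEFAULT_QUIET_PERIOD, []
        p = re.escape(prefix)
        for ln in lines:  # a later command overrides an earlier one
            if m := re.fullmatch(rf"{p} quiet-times (\d+)", ln):
                fail_times = int(m.group(1))
            elif m := re.fullmatch(rf"{p} timer quiet-period (\d+)", ln):
                period = int(m.group(1))
        if auth == "MAC":
            if period == 0:
                findings.append("quiet function disabled (quiet-period 0)")
            for cmd in MAC_PREREQS:
                if cmd not in lines:
                    findings.append(f"quiet has no effect until: {cmd}")
        if 0 < period < DEFAULT_QUIET_PERIOD:
            findings.append(f"quiet period {period}s is shorter than the default")
        report[auth] = {"fail_times": fail_times, "quiet_period": period,
                        "findings": findings}
    return report


# Constructed command list for illustration, not taken from a real device.
SAMPLE = """
system-view
dot1x quiet-times 3
dot1x timer quiet-period 300
mac-authen timer quiet-period 0
undo authentication pre-authen-access enable
portal timer quiet-period 30
"""

if __name__ == "__main__":
    for auth, result in audit_quiet(SAMPLE).items():
        print(auth, result)
```

Commands that the list does not set fall back to the documented defaults, so an empty list still reports the two missing MAC address authentication preconditions.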

Copyright © Huawei Technologies Co., Ltd.