If the administrator modifies parameters such as access rights and authorization attributes of an online user on the authentication server, the user must be re-authenticated to ensure user validity. Table 1 describes the re-authentication mode for users who have passed MAC address authentication.
Configured On | Purpose | Configuration Command |
---|---|---|
Access device | Perform periodic re-authentication for users who have passed MAC address authentication. After receiving a RADIUS Access-Accept packet from the authentication server, the access device starts the re-authentication timer specified by reauthenticate-period-value. When the timer expires, the access device requests the RADIUS server to perform MAC address re-authentication for the user. | mac-authen reauthenticate<br>mac-authen timer reauthenticate-period reauthenticate-period-value |
Access device | Re-authenticate MAC address authentication users after receiving DHCP lease renewal packets from them. | mac-authen reauthenticate dhcp-renew |
Access device | Perform one-time re-authentication for a user with the specified MAC address. | mac-authen reauthenticate mac-address mac-address |
RADIUS server | Deliver the standard RADIUS attributes Session-Timeout and Termination-Action. The Session-Timeout attribute specifies the online duration timer of a user. The value of Termination-Action is set to 1, indicating that the user is re-authenticated when the online duration timer expires. | N/A |
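
The server-side row can be checked against a captured Access-Accept. The following is an added example, not part of the original document: it parses the RFC 2865 attributes Session-Timeout (type 27) and Termination-Action (type 29) and reports whether the user will be re-authenticated when the online duration timer expires. The function names and the sample packet builder are constructed for illustration, and the "terminate" outcome follows RFC 2865 rather than this document.

```python
import struct

ACCESS_ACCEPT = 2        # RFC 2865 packet code
SESSION_TIMEOUT = 27     # attribute type: online duration in seconds (32-bit)
TERMINATION_ACTION = 29  # attribute type: 0 = Default, 1 = RADIUS-Request


def parse_attributes(packet: bytes) -> dict:
    """Return {type: first raw value} from an Access-Accept, checking lengths.

    The Response Authenticator is not verified here (that needs the shared secret).
    """
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        raise ValueError(f"not an Access-Accept (code {code})")
    if not 20 <= length <= len(packet):
        raise ValueError("Length field does not match the packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"bad length for attribute {a_type}")
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def reauth_plan(packet: bytes) -> tuple:
    """Return (action, seconds); action is 'reauthenticate', 'terminate' or 'none'."""
    attrs = parse_attributes(packet)
    for t in (SESSION_TIMEOUT, TERMINATION_ACTION):
        if t in attrs and len(attrs[t]) != 4:
            raise ValueError(f"attribute {t} is not a 32-bit integer")
    if SESSION_TIMEOUT not in attrs:
        return ("none", None)
    timeout = struct.unpack("!I", attrs[SESSION_TIMEOUT])[0]
    action = struct.unpack("!I", attrs.get(TERMINATION_ACTION, bytes(4)))[0]
    return ("reauthenticate" if action == 1 else "terminate", timeout)


def build_accept(pairs) -> bytes:
    """Constructed sample: Access-Accept with integer attributes, zeroed authenticator."""
    body = b"".join(bytes([t, 6]) + struct.pack("!I", v) for t, v in pairs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body
```

A result of `("terminate", n)` on a server that is expected to drive re-authentication means Termination-Action is missing or not set to 1.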
As described in Logical Process of MAC Address Authentication, exceptions may occur during MAC address authentication. For example, the RADIUS server may go Down or user authentication may fail. By default, users in abnormal authentication state have no network access rights. Generally, however, such users are granted some network access rights. When the online period of such a user reaches the user entry aging time, the device deletes the user entry and reclaims the network access rights granted to the user. You can configure the access device to re-authenticate these users based on their user entries, so that they can obtain normal network access rights in a timely manner. Table 2 describes how to configure re-authentication for users in abnormal authentication state.
User State | Configuration Command |
---|---|
RADIUS server in Down state | authentication event authen-server-up action re-authen: Enables user re-authentication when the RADIUS server is Up. |
Authentication failure | authentication timer re-authen authen-fail re-authen-time: Enables periodic re-authentication for users who fail to be authenticated. |
Pre-connection | authentication timer re-authen pre-authen re-authen-time: Enables periodic re-authentication for users in pre-connection state. |