The mac-authen quiet-times command configures the maximum number of authentication failures within 60 seconds before a MAC address authentication user enters the quiet state.
The undo mac-authen quiet-times command restores the maximum number of authentication failures to the default value.
By default, the maximum number of authentication failures is 10.
Parameter |
Description |
Value |
|---|---|---|
fail-times |
Specifies the maximum number of authentication failures before a MAC address authentication user enters the quiet state. |
The value is an integer that ranges from 1 to 10. |
Usage Scenario
The quiet function for MAC address authentication is enabled on a device by default. When the maximum number of authentication failures exceeds 10 within 60 seconds, the device quiets a MAC address authentication user and does not process authentication requests from the user, reducing impact on the system caused by attackers.
Precautions
After the maximum number of authentication failures is set to a value larger than the configured value, the user in quiet state can initiate reauthentication only after the quiet period expires. If the user enters an incorrect user name or password again, the user authentication fails. The device does not quiet the user but allows the user to initiate reauthentication immediately.
The quiet function for MAC address authentication users takes effect only after the pre-connection function is disabled using the undo authentication pre-authen-access enable command and the device is disabled from assigning network access rights to users in each phase before authentication succeeds using the undo authentication event action authorize command. In multi-mode authentication of MAC address authentication users, the quiet function for MAC address authentication users does not take effect.