mac-authen reauthenticate

Function

The mac-authen reauthenticate command enables periodic MAC address re-authentication on a specified interface.

The undo mac-authen reauthenticate command disables periodic MAC address re-authentication on a specified interface.

By default, periodic MAC address re-authentication is enabled on a specified interface.

Format

In the system view:

mac-authen reauthenticate interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

undo mac-authen reauthenticate interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

In the interface view:

mac-authen reauthenticate

undo mac-authen reauthenticate

Parameters

Parameter	Description	Value
interface { interface-type interface-number1 [ to interface-number2 ] }	Specifies the interface type and number. interface-type specifies the interface type. interface-number specifies the interface number.	-

Parameter

Description

Value

interface { interface-type interface-number1 [ to interface-number2 ] }

Specifies the interface type and number.

interface-type specifies the interface type.
interface-number specifies the interface number.

Views

System view, Ethernet interface view, GE interface view, MultiGE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, Port group view

Default Level

2: Configuration level

Usage Guidelines

After modifying the authentication information of an online user on the authentication server, the administrator needs to re-authenticate the user in real time to ensure user validity.

After the user goes online, the device saves user authentication information. After periodic re-authentication for all online MAC address authentication users on a specified interface is enabled using the mac-authen reauthenticate command, the device sends the stored authentication information of the online user on the interface to the authentication server for re-authentication at an interval. If the user's authentication information does not change on the authentication server, the user is online normally. If the authentication information has been changed, the user is forced to go offline. The user then needs to be re-authenticated according to the changed authentication information.

The re-authentication interval is set using the mac-authen timer reauthenticate-period command.

This function takes effect only for users who go online after this function is successfully configured.

If the device is connected to a server for re-authentication and the server replies with a re-authentication deny message that makes an online user go offline, it is recommended that you locate the cause of the re-authentication failure on the server or disable the re-authentication function on the device.

Example

# Enable periodic MAC address re-authentication on GE0/0/1 in the system view.

<HUAWEI> system-view
[HUAWEI] mac-authen reauthenticate interface gigabitethernet 0/0/1

# Enable periodic MAC address re-authentication on GE0/0/1 in the interface view.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] mac-authen reauthenticate