Configuring periodic MAC reauthentication

The device selects a periodic reauthentication timer for MAC reauthentication in the following order:

1. Server-assigned reauthentication timer.

2. Port-specific reauthentication timer.

3. Global reauthentication timer.

4. Default reauthentication timer.

1. Enter system view.

   system-view

2. Set the periodic MAC reauthentication timer.

   • Set a global periodic reauthentication timer.

     mac-authentication timer reauth-period reauth-period-value

     The default setting is 3600 seconds.

   • Execute the following commands in sequence to set a port-specific periodic reauthentication timer:

     interface interface-type interface-number

     mac-authentication timer reauth-period reauth-period-value

     quit

     By default, no periodic MAC reauthentication timer is set on a port. The port uses the global periodic MAC reauthentication timer.

3. Enter interface view.

   interface interface-type interface-number

4. Enable periodic MAC reauthentication.

   mac-authentication re-authenticate

   By default, periodic MAC reauthentication is disabled on a port.

5. (Optional.) Enable the keep-online feature for authenticated MAC authentication users on the port.

   mac-authentication re-authenticate server-unreachable keep-online

   By default, the keep-online feature is disabled. The device logs off online MAC authentication users if no server is reachable for MAC reauthentication.

   In a fast-recovery network, you can use the keep-online feature to prevent MAC authentication users from coming online and going offline frequently.