MAC Authentication Delay

Currently, when both dot1x and MAC authentication methods are enabled on a port, a new MAC address detection triggers ExtremeXOS to send a RADIUS request to authenticate the new client on that port using MAC-based authentication. This feature allows you delay/bypass the MAC authentication by configuring a MAC authentication delay period on a per port basis. The MAC authentication delay period‘s default value is 0 seconds for backward compatibility, with a permissible range of 0 to 120 seconds.

Supported Platforms

  • Summit X430, X440, X450-G2, X460, X460-G2, X480, X670, X670-G2, X770 series switches
  • BlackDiamond X8 and 8000 series switches
  • E4G-200 and E4G-400 cell site routers

Changed CLI Commands

Changes are underlined.

configure netlogin mac ports [port_list | all] timers [{reauth-period [reauth_period]} {reauthentication [on|off]} {delay [delay]}]

The output of the show netlogin command now includes the authentication delay period value (shown in bold):

NetLogin Authentication Mode : web-based DISABLED;  802.1x DISABLED;  mac-based DISABLED 
NetLogin VLAN                : Not Configured 
NetLogin move-fail-action    : Deny 
NetLogin Client Aging Time   : 5 minutes 
Dynamic VLAN Creation        : Disabled 
Dynamic VLAN Uplink Ports    : None 
Authentication Protocol Order: 802.1x, web-based, mac-based (default) 
SNIPPED 
------------------------------------------------ 
          MAC Mode Global Configuration 
------------------------------------------------ 
Re-authentication period        : 0 (Re-authentication disabled) 
Authentication Database         : Radius, Local-User database 
Authentication Delay Period     : 0 (Default)
------------------------------------------------ 
Number of Clients Authenticated  : 0