MAC Authentication Delay
Currently, when both dot1x and MAC authentication methods are enabled on a port, a new MAC address detection triggers ExtremeXOS to send a RADIUS request to authenticate the new client on that port using MAC-based authentication. This feature allows you delay/bypass the MAC authentication by configuring a MAC authentication delay period on a per port basis. The MAC authentication delay period‘s default value is 0 seconds for backward compatibility, with a permissible range of 0 to 120 seconds.
Supported Platforms
- Summit X430, X440, X450-G2, X460, X460-G2, X480, X670, X670-G2, X770 series switches
- BlackDiamond X8 and 8000 series switches
- E4G-200 and E4G-400 cell site routers
Changed CLI Commands
Changes are underlined.
configure netlogin mac ports [port_list | all] timers [{reauth-period [reauth_period]} {reauthentication [on|off]} {delay [delay]}]
The output of the show netlogin command now includes the authentication delay period value (shown in bold):
NetLogin Authentication Mode : web-based DISABLED; 802.1x DISABLED; mac-based DISABLED NetLogin VLAN : Not Configured NetLogin move-fail-action : Deny NetLogin Client Aging Time : 5 minutes Dynamic VLAN Creation : Disabled Dynamic VLAN Uplink Ports : None Authentication Protocol Order: 802.1x, web-based, mac-based (default) SNIPPED ------------------------------------------------ MAC Mode Global Configuration ------------------------------------------------ Re-authentication period : 0 (Re-authentication disabled) Authentication Database : Radius, Local-User database Authentication Delay Period : 0 (Default) ------------------------------------------------ Number of Clients Authenticated : 0