DES-7200 Configuration Guide Chapter 4 802.1x Configuration
4-42
4.2.33 Configuring Dot1x MAC
Authentication Bypass
Timeout
After a MAC address authentication in the MAB mode is online, this MAC address will always
be online unless the re-auth fails, the port is Down or it is forcibly offline due to the
administration policy.
The user can configure the allowed online time of those authentication MAC address. 0 is the
default value, indicating that the MAC address is always online.
To configure the MAB timeout, run the following commands:
Command Function
configure terminal
Enter the global configuration mode.
interface <interface-id>
Enter the interface configuration mode.
dot1x mac-auth-bypass timeout-activity
<value>
Set the MAB timeout time, in seconds. No default
value and the valid range is 1-65535.
end
Return to the privileged mode.
write
Save the configurations.
show running-config
Show all configurations.
Following example shows how to configure the MAB timeout time.
DES-7200# configure terminal
DES-7200(config)# interface fa 0/1
DES-7200(config-if)# dot1x mac-auth-bypass timeout-activity 3600
Caution
If the online time for the MAC address authentication is also
assigned by the server, this online time is independent from the
timeout-activity.
After it times out, with guest vlan configured on the port, the port
switches to the guest vlan. However, during the authentication, the
response timeout for the server will not cause the MAB port in the
guest vlan.
4.2.34 Configuring Dot1x MAC
Authentication Bypass
Violation
By default, with one MAC address authenticated in the MAB mode, data of all devices under
the port are allowed to be forwarded. However, in some safe applications, if only one MAC
address is allowed for the MAB port by the administrator, configure the MAB violation. With the
MAB violation configured, once the port enters the MAB mode, the violation occurs if there is
more than one 1 Mac address for the port.