10.3.1 Operation after authentication failure

If a terminal fails MAC-based authentication, the switch makes no more attempts to authenticate the terminal for a fixed time period (called the re-authentication interval). When this period has elapsed, the switch attempts MAC-based authentication for that terminal again. When authentication failure processing is performed on multiple terminals, the number of terminals to monitor the re-authentication time interval at the same time is 1024.

You can set the re-authentication interval by using the mac-authentication auth-interval-timer configuration command. After the set re-authentication time interval is exceeded, authentication processing is performed again within 1 second.

Figure 10-6: Operation sequence after authentication failure