Optional) Enabling Mac Bypass Authentication - Huawei Quidway S9300 Configuration Manual

Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
----End

2.4.4 (Optional) Enabling MAC Bypass Authentication

Context
The 802.1x client software cannot be installed or used on some special terminals, such as printers.
In this case, the MAC bypass authentication can be adopted.
If 802.1x authentication on the terminal fails, the access device sends the user name and
password, namely, the MAC address of the terminal, to the RADIUS server for authentication.
This process is MAC address bypass authentication.
You can configure MAC address bypass authentication in the following ways.
Procedure
l
l
Issue 06 (2010–01–08)
802.1x authentication is enabled on the interface.
You can run the undo dot1x command only when no online user exists.
In the system view:
1. Run:
system-view
The system view is displayed.
2. Run:
dot1x mac-bypass interface { interface-type interface-number1 [ to
interface-number2 ] } &<1-10>
MAC bypass authentication is enabled on interfaces.
You can configure MAC address bypass authentication on interfaces in batches by
specifying the interface list in the dot1x mac-bypass command in the system view.
In the interface view:
1. Run:
system-view
The system view is displayed.
2. Run:
interface { ethernet | gigabitethernet } interface-number
The interface view is displayed.
3. Run:
dot1x mac-bypass enable
MAC address bypass authentication is enabled on the interface.
After you run the dot1x mac-bypass enable command, the commands of enabling 802.1x
authentication on the interface are overwritten. The details are as follows:
If 802.1x authentication is disabled on the interface, 802.1x authentication is enabled
–
after you run the dot1x mac-bypass enable command.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 NAC Configuration
2-11