Static Mac Bypass Of Authentication - Dell PowerConnect J-EX4200-24T Software Manual

Dell PowerConnect J-Series Ethernet Switch Complete Software Guide for Junos OS

Static MAC Bypass of Authentication

Fallback of Authentication Methods
2252
Captive portal on J-EX Series switches has the following limitations:
The captive portal interface must be configured for
to port mode access .
Captive portal does not support dynamic assignment of VLANs downloaded from the
RADIUS server.
If the user is idle for more than about 5 minutes and there is no traffic passed, the user
must log back in to the captive portal.
You can allow end devices to access the LAN without authentication on a RADIUS server
by including their MAC addresses in the static MAC bypass list (also known as the
exclusion list).
You might choose to include a device in the bypass list to:
Allow non-802.1X-enabled devices access to the LAN.
Eliminate the delay that occurs while the switch determines that a connected device
is a non-802.1X-enabled host.
When you configure static MAC on the switch, the MAC address of the end device is first
checked in a local database (a user-configured list of MAC addresses). If a match is
found, the end device is successfully authenticated and the interface is opened up for it.
No further authentication is done for that end device. If a match is not found and 802.1X
authentication is enabled on the switch, the switch attempts to authenticate the end
device through the RADIUS server.
For each MAC address, you can also configure the VLAN to which the end device is moved
or the interfaces on which the host connects.
You can configure one or more authentication methods on a single interface and thus
enable fallback to the next method if the first or second method fails.
If an interface is configured in multiple supplicant mode, all end devices connecting
through the interface must use either captive portal or a combination of 802.1X and MAC
RADIUS, captive portal cannot be mixed with 802.1X or MAC RADIUS. Therefore, if there
is already an end device on the interface that was authenticated through 802.1X or MAC
RADIUS authentication, then additional end devices authenticating do not fall back to
captive portal. If only 802.1X authentication or MAC RADIUS authentication is configured,
some end devices can be authenticated using 802.1X and others can still be authenticated
using MAC RADIUS.
Fallback of authentication methods occurs in the following order:
802.1X authentication—If 802.1X is configured on the interface, the switch sends
1.
EAPOL requests to the end device and attempts to authenticate the end device
through 802.1X authentication. If the end device does not respond to the EAP requests,
the switch checks whether MAC RADIUS authentication is configured on the interface.
family ethernet-switching
and set