Configure MAC address bypass authentication on S series switch

On S series switches (except S1700), you can enable MAC address bypass authentication for terminals such as printers on which the 802.1x client software cannot be installed or used to allow these terminals to access the network.
For example, if a large number of PCs and a small number of dumb terminals are connected to GE1/0/1 and GE1/0/5, to ensure that the PCs and dumb terminals access the network, you can enable 802.1x authentication and MAC address bypass authentication on GE1/0/1 and GE1/0/5. The following describes the configuration:
- Configure multiple interfaces in a batch in the system view.
[HUAWEI] dot1x enable
[HUAWEI] dot1x enable interface gigabitethernet 1/0/1 gigabitethernet 1/0/5
[HUAWEI] dot1x mac-bypass interface gigabitethernet 1/0/1 gigabitethernet 1/0/5
- Configure each interface in the interface view.
[HUAWEI] dot1x enable
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] dot1x enable
[HUAWEI-GigabitEthernet1/0/1] dot1x mac-bypass
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/5
[HUAWEI-GigabitEthernet 1/0/5] dot1x enable
[HUAWEI-GigabitEthernet 1/0/5] dot1x mac-bypass
Precautions:
1. In addition to performing the preceding configuration, you still need to add MAC addresses of terminals on the authentication server. For details, see the configuration guide of the authentication server.
2. In V200R005C00 and later version, S series switches support MAC address bypass authentication only in NAC traditional configuration mode.

Scroll to top