Can the MAC bypass authentication function be configured on a fixed interface of the SRU

0

The MAC bypass authentication function cannot be configured on a fixed interface of the SRU, and it is supported on the interface card only.

Other related questions:
Can MAC address bypass authentication be configured on a fixed port on the SRU
No, MAC bypass authentication must be configured on LPUs.

Configure MAC address bypass authentication on S series switch
On S series switches (except S1700), you can enable MAC address bypass authentication for terminals such as printers on which the 802.1x client software cannot be installed or used to allow these terminals to access the network. For example, if a large number of PCs and a small number of dumb terminals are connected to GE1/0/1 and GE1/0/5, to ensure that the PCs and dumb terminals access the network, you can enable 802.1x authentication and MAC address bypass authentication on GE1/0/1 and GE1/0/5. The following describes the configuration: - Configure multiple interfaces in a batch in the system view. [HUAWEI] dot1x enable [HUAWEI] dot1x enable interface gigabitethernet 1/0/1 gigabitethernet 1/0/5 [HUAWEI] dot1x mac-bypass interface gigabitethernet 1/0/1 gigabitethernet 1/0/5 - Configure each interface in the interface view. [HUAWEI] dot1x enable [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] dot1x enable [HUAWEI-GigabitEthernet1/0/1] dot1x mac-bypass [HUAWEI-GigabitEthernet1/0/1] quit [HUAWEI] interface gigabitethernet 1/0/5 [HUAWEI-GigabitEthernet 1/0/5] dot1x enable [HUAWEI-GigabitEthernet 1/0/5] dot1x mac-bypass Precautions: 1. In addition to performing the preceding configuration, you still need to add MAC addresses of terminals on the authentication server. For details, see the configuration guide of the authentication server. 2. In V200R005C00 and later version, S series switches support MAC address bypass authentication only in NAC traditional configuration mode.

Can a PC access the network without passing 802.1x authentication after MAC address bypass authentication is enabled on an S series switch
For S series switches (except the S1700), MAC address bypass authentication also requires an authentication server. A PC's MAC address is used as the user name and password for MAC address bypass authentication. If no account corresponding to the PC's MAC address is configured on the authentication server, the PC cannot pass the authentication and cannot access the network.

Static DHCP binding configuration on S series switch
In static DHCP binding mode, fixed IP addresses can be assigned to DHCP clients with specific MAC addresses. For example, you can assign fixed IP address 10.10.10.10 to a client with MAC address dcd2-fc96-e4c0 on an S series switch except an S1700 switch: - For a global address pool: [HUAWEI] ip pool 1 //Enter the view of an IP address pool. [HUAWEI-ip-pool-1] static-bind ip-address 10.10.10.10 mac-address dcd2-fc96-e4c0 - For an interface address pool: [HUAWEI] interface vlanif 10 //Enter the view of the interface for which an IP address has been configured. [HUAWEI-Vlanif10] dhcp server static-bind ip-address 10.10.10.10 mac-address dcd2-fc96-e4c0 Note: The configured IP address cannot be the same as the assigned one. If the configured IP address has been assigned, run the reset ip pool { interface pool-name | name ip-pool-name } { start-ip-address [ end-ip-address ] | all | conflict | expired | used } command in the user view to manually reclaim the IP address in an address pool.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top