Can a PC access the network without passing 802.1x authentication after MAC address bypass authentication is enabled on an S series switch

1

For S series switches (except the S1700), MAC address bypass authentication also requires an authentication server. A PC's MAC address is used as the user name and password for MAC address bypass authentication. If no account corresponding to the PC's MAC address is configured on the authentication server, the PC cannot pass the authentication and cannot access the network.

Other related questions:
Can I allow an 802.1x authentication user who uses a specific MAC address to access the network without authentication on an S series switch
For an S series switch (a non-S1700 switch) where 802.1x authentication is enabled, if you want to allow a user who uses a specific MAC address to access the network without authentication, enable MAC address bypass authentication on an interface through which the user connects to the switch.

Configure MAC address bypass authentication on S series switch
On S series switches (except S1700), you can enable MAC address bypass authentication for terminals such as printers on which the 802.1x client software cannot be installed or used to allow these terminals to access the network. For example, if a large number of PCs and a small number of dumb terminals are connected to GE1/0/1 and GE1/0/5, to ensure that the PCs and dumb terminals access the network, you can enable 802.1x authentication and MAC address bypass authentication on GE1/0/1 and GE1/0/5. The following describes the configuration: - Configure multiple interfaces in a batch in the system view. [HUAWEI] dot1x enable [HUAWEI] dot1x enable interface gigabitethernet 1/0/1 gigabitethernet 1/0/5 [HUAWEI] dot1x mac-bypass interface gigabitethernet 1/0/1 gigabitethernet 1/0/5 - Configure each interface in the interface view. [HUAWEI] dot1x enable [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] dot1x enable [HUAWEI-GigabitEthernet1/0/1] dot1x mac-bypass [HUAWEI-GigabitEthernet1/0/1] quit [HUAWEI] interface gigabitethernet 1/0/5 [HUAWEI-GigabitEthernet 1/0/5] dot1x enable [HUAWEI-GigabitEthernet 1/0/5] dot1x mac-bypass Precautions: 1. In addition to performing the preceding configuration, you still need to add MAC addresses of terminals on the authentication server. For details, see the configuration guide of the authentication server. 2. In V200R005C00 and later version, S series switches support MAC address bypass authentication only in NAC traditional configuration mode.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top