Can I allow an 802.1x authentication user who uses a specific MAC address to access the network without authentication on an S series switch

14

For an S series switch (a non-S1700 switch) where 802.1x authentication is enabled, if you want to allow a user who uses a specific MAC address to access the network without authentication, enable MAC address bypass authentication on an interface through which the user connects to the switch.

Other related questions:
Can I allow Portal authentication users who use specific IP addresses to access the network without authentication on an S series switch
Portal authentication users cannot access the network before passing authentication. You can configure an authentication-free rule for Portal authentication users to allow certain users to access specified network resources without passing Portal authentication. If an IP address is specified in an authentication-free rule for Portal authentication users, a user who uses the IP address can access the network without authentication.

Can a PC access the network without passing 802.1x authentication after MAC address bypass authentication is enabled on an S series switch
For S series switches (except the S1700), MAC address bypass authentication also requires an authentication server. A PC's MAC address is used as the user name and password for MAC address bypass authentication. If no account corresponding to the PC's MAC address is configured on the authentication server, the PC cannot pass the authentication and cannot access the network.

How to configure the critical VLAN function on S series switches
During 802.1x authentication, when a fault occurs on the network between the access device and the authentication server or the authentication server fails, the authentication process on the network is interrupted. As a result, a user fails authentication and cannot access network resources. You can configure the critical VLAN function to solve this problem. When a fault occurs on the network between the access device and the authentication server or the authentication server fails, an 802.1x authentication user is added to the critical VLAN, and then can access resources in the critical VLAN. Configure a critical VLAN on S series switches (except the S1700) as follows: - Perform the following operations in the system view: [HUAWEI] vlan batch 20 [HUAWEI] undo authentication unified-mode //Skip this step on switches running versions earlier than V200R005C00. [HUAWEI] dot1x enable [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] port link-type hybrid [HUAWEI-GigabitEthernet1/0/1] port hybrid untagged vlan 20 //The critical VLAN takes effect only for hybrid or access interfaces added to the critical VLAN in untagged mode. [HUAWEI-GigabitEthernet1/0/1] quit [HUAWEI] dot1x enable interface gigabitethernet 1/0/1 [HUAWEI] dot1x port-method port interface gigabitethernet 1/0/1 [HUAWEI] authentication critical-vlan 20 interface gigabitethernet 1/0/1 - Perform the following operations in the interface view: [HUAWEI] vlan batch 20 [HUAWEI] undo authentication unified-mode //Skip this step on switches running versions earlier than V200R005C00. [HUAWEI] dot1x enable [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] port link-type hybrid [HUAWEI-GigabitEthernet1/0/1] port hybrid untagged vlan 20 //The critical VLAN takes effect only for hybrid or access interfaces added to the critical VLAN in untagged mode. [HUAWEI-GigabitEthernet1/0/1] dot1x enable [HUAWEI-GigabitEthernet1/0/1] dot1x port-method port [HUAWEI-GigabitEthernet1/0/1] authentication critical-vlan 20

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top