(Optional) Enabling MAC Address Bypass Authentication

Context

You can enable MAC address bypass authentication for terminals (such as printers) on which the 802.1X client software cannot be installed or used. After MAC address bypass authentication is configured, the device performs 802.1X authentication and starts the delay timer for MAC address bypass authentication. If 802.1X authentication fails after the value of the delay timer is reached, the device starts the MAC address authentication process for the users.

On an interface where MAC address bypass authentication is enabled, if the terminal on which the 802.1X client software cannot be installed or used requires fast authentication, MAC address authentication is performed first during bypass authentication. Then the device first starts the MAC address authentication process for users, and triggers 802.1X authentication only if MAC address authentication fails.

After MAC address bypass authentication is configured on the interface where 802.1X authentication is not enabled, 802.1X authentication is enabled on the interface.

Procedure

Run system-view
The system view is displayed.
Enable MAC address bypass authentication on the interface in the system view or interface view.
- In the system view:
1. Run dot1x mac-bypass interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>
  MAC address bypass authentication is enabled on the interface.
  
  By default, MAC address bypass authentication is disabled on an interface.
  
  You can run the dot1x mac-bypass access-port all command to enable MAC address bypass authentication on all downlink interfaces of the device.
2. (Optional) Run dot1x mac-bypass mac-auth-first interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>
  MAC address authentication is performed first during MAC address bypass authentication.
  
  By default, MAC address authentication is not performed first during MAC address bypass authentication.
- In the interface view:
1. Run interface interface-type interface-number
  The interface view is displayed.
2. Run dot1x mac-bypass
  MAC address bypass authentication is enabled on the interface.
  
  By default, MAC address bypass authentication is disabled on an interface.
3. (Optional) Run dot1x mac-bypass mac-auth-first
  MAC address authentication is performed first during MAC address bypass authentication.
  
  By default, MAC address authentication is not performed first during MAC address bypass authentication.
4. Run quit
  The system view is displayed.
802.1X authentication is disabled on the interface when MAC address bypass authentication is disabled on the interface using the undo dot1x mac-bypass command.
Run dot1x timer mac-bypass-delay delay-time-value
The value of the delay timer for MAC address bypass authentication is set.

By default, the value of the delay timer for MAC address bypass authentication is 30s.

If MAC address authentication is performed first during MAC address bypass authentication, the delay timer does not take effect.