After MAC address bypass authentication is enabled, the device performs MAC address bypass authentication on the user who fails 802.1X authentication. In this case, the access device actually starts the MAC address authentication process for the user, and the user name is determined by the mac-authen username command. To ensure that the user can pass MAC address bypass authentication, configure a MAC address authentication account for the user on the authentication server, and ensure that the account name format is the same as that configured in the mac-authen username command.