The dot1x mac-bypass mac-auth-first command enables the device to perform MAC address authentication first during MAC address bypass authentication.
The undo dot1x mac-bypass mac-auth-first command disables the device from performing MAC address authentication first during MAC address bypass authentication.
By default, the MAC address authentication is not performed first during MAC address bypass authentication.
In the system view:
dot1x mac-bypass mac-auth-first interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>
undo dot1x mac-bypass mac-auth-first interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>
In the interface view:
dot1x mac-bypass mac-auth-first
undo dot1x mac-bypass mac-auth-first
Parameter |
Description |
Value |
|---|---|---|
interface { interface-type interface-number1 [ to interface-number2 ] } |
Enables the device to perform MAC address authentication first on a specified interface during MAC address bypass authentication.
|
- |
System view, Ethernet interface view, GE interface view, MultiGE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, Port group view
Usage Scenario
When both the clients that do not support 802.1X authentication (such as printers) and the clients that support 802.1X authentication (such as PCs) are connected to the interface enabled with MAC address bypass authentication, you can run the dot1x mac-bypass mac-auth-first command to enable the device to perform MAC address authentication first during MAC address bypass authentication. After that, the device first starts the MAC address authentication process for users, and triggers 802.1X authentication only if MAC address authentication fails.
Prerequisites
802.1X authentication has been enabled globally and on an interface using the dot1x enable command.
Follow-up Procedure
Run the dot1x mac-bypass command to enable MAC address bypass authentication on the interface.
# Enable the device to first perform MAC address authentication on GE0/0/1 during MAC address bypass authentication in the system view.
<HUAWEI> system-view [HUAWEI] dot1x mac-bypass mac-auth-first interface gigabitethernet 0/0/1
# Enable the device to first perform MAC address authentication on GE0/0/1 during MAC address bypass authentication in the interface view.
<HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] dot1x mac-bypass mac-auth-first