No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R010C00 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Enabling MAC Address Bypass Authentication

(Optional) Enabling MAC Address Bypass Authentication

Context

You can enable MAC address bypass authentication for terminals (such as printers) on which the 802.1X client software cannot be installed or used. After MAC address bypass authentication is configured, the device performs 802.1X authentication and starts the delay timer for MAC address bypass authentication. If 802.1X authentication fails after the value of the delay timer is reached, the device starts the MAC address authentication process for the users.

On an interface where MAC address bypass authentication is enabled, if the terminal on which the 802.1X client software cannot be installed or used requires fast authentication, MAC address authentication is performed first during bypass authentication. Then the device first starts the MAC address authentication process for users, and triggers 802.1X authentication only if MAC address authentication fails.

NOTE:

After MAC address bypass authentication is configured on the interface where 802.1X authentication is not enabled, 802.1X authentication is enabled on the interface.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Enable MAC address bypass authentication on the interface in the system view or interface view.

    • In the system view:

    1. Run dot1x mac-bypass interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

      MAC address bypass authentication is enabled on the interface.

      By default, MAC address bypass authentication is disabled on an interface.

      NOTE:

      You can run the dot1x mac-bypass access-port all command to enable MAC address bypass authentication on all downlink interfaces of the device.

    2. (Optional) Run dot1x mac-bypass mac-auth-first interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

      MAC address authentication is performed first during MAC address bypass authentication.

      By default, MAC address authentication is not performed first during MAC address bypass authentication.

    • In the interface view:

    1. Run interface interface-type interface-number

      The interface view is displayed.

    2. Run dot1x mac-bypass

      MAC address bypass authentication is enabled on the interface.

      By default, MAC address bypass authentication is disabled on an interface.

    3. (Optional) Run dot1x mac-bypass mac-auth-first

      MAC address authentication is performed first during MAC address bypass authentication.

      By default, MAC address authentication is not performed first during MAC address bypass authentication.

    4. Run quit

      The system view is displayed.

    NOTE:

    802.1X authentication is disabled on the interface when MAC address bypass authentication is disabled on the interface using the undo dot1x mac-bypass command.

  3. Run dot1x timer mac-bypass-delay delay-time-value

    The value of the delay timer for MAC address bypass authentication is set.

    By default, the value of the delay timer for MAC address bypass authentication is 30s.

    NOTE:

    If MAC address authentication is performed first during MAC address bypass authentication, the delay timer does not take effect.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141885

Views: 58796

Downloads: 10

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next