vpn interface dot1x mac-authentication-bypass—Enable authentication for non-802.1X–compliant clients (on vEdge routers only). These clients are authenticated based on their MAC address.
A non-802.1X–compliant client is one that does not respond to EAP identity requests from the vEdge router.
After the 802.1X interface detects a client, it waits to receive an Ethernet packet from the client. Then the router sends a RADIUS access/request frame to the authentication server that includes a username and password based on the MAC address. If authorization succeeds, the router grants the client access to the WAN or WLAN. If authorization fails, the router assigns the interface to the guest VLAN if one is configured.
vManage Feature Template
For vEdge routers only:
Configuration ► Templates ► VPN Interface Ethernet
- Enable Authentication for Non-802.1X–Compliant Hosts
Turn on authentication for non-802.1X–compliant clients.
- Enable Authentication for Specific Devices
- allow mac-addresses
Turn on authentication for one or more devices based on their MAC address, as listed in mac-addresses, before performing an authentication check with the RADIUS server. You can configure up to eight MAC addresses for MAC authentication bypass.
- Enable Authentication via a RADIUS Server
Authenticate non-802.1X–compliant clients using a RADIUS server. This option enables MAC authentication bypass on the RADIUS server.
Enable MAC authentication bypass:
vpn 0 interface ge0/0 dot1x mac-authentication-bypass
Command introduced in Viptela Software Release 16.3.