This specifies whether a failed attempt to start an 802.1X negotiation should be followed by a check of the client’s MAC address via RADIUS and a subsequent opening of the port. In this case, the MAC address is transmitted as a RADIUS user name and password in the format "aabbccddeeff". It must also be stored in the RADIUS server in this format.
Important: The MAC address is easy to fake and does not protect against malicious attacks.
Note: In the standard configuration, the 802.1X authenticator will try to start an 802.1X negotiation for 90 seconds
before falling back to the MAC address check. This time can be adjusted for each port by changing the parameters 2.30.4.5 Max-Req (default: 3 attempts) and 2.30.4.7 Supp-Timeout (default: 30 seconds). Alternatively, the mode for MAC Auth Bypass can be
set to "Immediate". This mode immediately starts a MAC address check without waiting for a timeout.
- SNMP ID:
- 2.4.10.3.5
- Console path:
- Setup > LAN > IEEE802.1X > Authenticator-Ifc-Setup
- Possible values:
- No
- MAC address authentication is not possible.
- Yes
- MAC address authentication is possible.
- Immediate
- Authentication is immediately performed by MAC address.
- Default:
- No
