Understanding Static MAC Bypass of Authentication on EX Series Switches
You can allow hosts access to the LAN without authentication by including their MAC addresses in the static MAC bypass list. (This list is also known as the exclusion list.) You might choose to include a device in the static MAC bypass list to:
- Allow non-802.1X-enabled devices access to the LAN.
- Eliminate the delay that occurs while the switch determines that a connected device is a non-802.1X-enabled host.
When you configure static MAC on the switch, the MAC address of the host is first checked in a local database (a user configured list of MAC addresses). If a match is found, the host is assumed to be successfully authenticated and the interface is opened up for it. No further authentication is done for that host. If a match is not found and 802.1X authentication is enabled on the switch, the switch attempts to authenticate the host through the RADIUS server.
For each MAC address, you can also configure the VLAN that the host is moved to or the interfaces on which the host connects.