Enabling open authentication mode
About open authentication mode
This feature enables access users (802.1X or MAC authentication users) of a port to come online and access the network even if they use nonexistent usernames or incorrect passwords.
Access users that come online in open authentication mode are called open users. Authorization and accounting are not available for open users. To display open user information, use the following commands:
display dot1x connection open.
display mac-authentication connection open.
This feature does not affect the access of users that use correct user information.
Restrictions and guidelines
When you configure open authentication mode, follow these restrictions and guidelines:
If global open authentication mode is enabled, all ports are enabled with open authentication mode regardless of the port-specific open authentication mode setting. If global open authentication mode is disabled, whether a port is enabled with open authentication mode depends on the port-specific open authentication mode setting.
The open authentication mode setting has lower priority than the 802.1X Auth-Fail VLAN and the MAC authentication guest VLAN. Open authentication mode does not take effect on a port if the port is also configured with the 802.1X Auth-Fail VLAN or the MAC authentication guest VLAN. The open authentication mode setting has lower priority than the 802.1X Auth-Fail VSI and the MAC authentication guest VSI. Open authentication mode does not take effect on a port if the port is also configured with the 802.1X Auth-Fail VSI or the MAC authentication guest VSI.
For information about 802.1X authentication and MAC authentication, see "802.1X overview," "Configuring 802.1X," and "Configuring MAC authentication."
Procedure
Enter system view.
system-view
Enable global open authentication mode.
port-security authentication open global
By default, global open authentication mode is disabled.
Enter interface view.
interface interface-type interface-number
Enable open authentication mode on the port.
port-security authentication open
By default, open authentication mode is disabled on a port.