Hello folks, here is my two cents on the matter.
One, authentication at each layer is independent of each other. An ONU/
ONT (assuming only bridge mode) is responsible for layer 1 i.e. physical layer or link layer.
If link layer authentication fails, higher layer won't even be triggered for authentication, like PPPoE which is here being referred to in context of
MAC binding.
PON link is not getting identified by OLT to your ONU or as its called in lay terms, getting registered.
Now, if you do get registered, that means OLT authenticated an ONU according policies configured on the OLT. In effect, as far as I know, the so called vendors, the likes of Syro or DBC or
Netlink among others, implement the PON registration policies based on few parameters. I'd say they implement it in 4 way precisely.
1. First is no authentication, the default policy. That is any one can connect their ONU.
2. MAC based registration. So if the MAC of your ONU is listed in white list (another fancy name for access list), OLT will approve the PON link for bi-directional communication. If your MAC is black listed, your ONU won't be permitted, that is it stays unregistered.
3. Similarly, LOID is another parameter.
4. Last one as my knowledge goes, the parameter could be LOID+Password.
Now, any of those parameters could be used in various permutation and combination. That fact can only be ascertained by policy configured on the OLT only. So DON'T assume. Ask the LCO or whoever manages the OLT for the policies on their SFP provisioned for you fiber link.
And now, if you do get registered, PPPoeE (or any other layer 2 protocol) would start the authentication process. Where the "MAC binding" could be one of the several authentication parameters (wink wink, DOT1x if just the Ethernet was being natively used)
Sorry for the winded post. That's the best I could do in one single fell swoop and helps you to actually identify the problem.
Saeed