Specifying an Auth-Fail VLAN for portal authentication
Only Layer 2 portal authentication supports this feature.
This task sets the Auth-Fail VLAN to be assigned to users failing portal authentication. You can specify different Auth-Fail VLANs for portal authentication on different ports. A port can be specified with only one Auth-Fail VLAN for portal authentication.
Before specifying an Auth-Fail VLAN, be sure to create the VLAN.
To specify an Auth-Fail VLAN for portal authentication:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
3. Specify an Auth-Fail VLAN for portal authentication on the port. | portal auth-fail vlan authfail-vlan-id | Not specified by default |
After you specify an Auth-Fail VLAN for portal authentication on a port, you must also enable the MAC-based VLAN function on the port to make the specified Auth-Fail VLAN take effect. For information about MAC VLAN, see Layer 2—LAN Switching Configuration Guide.
The MAC-VLAN entries generated in response to portal authentication failures do not overwrite the MAC-VLAN entries already generated in other authentication modes.