mac-authentication critical vlan

Syntax

mac-authentication critical vlan critical-vlan-id

undo mac-authentication critical vlan

View

Layer 2 Ethernet interface view

Default level

2: System level

Parameters

critical-vlan-id: Specifies a VLAN ID, in the range of 1 to 4094. Make sure the VLAN has been created.

Description

Use mac-authentication critical vlan to configure a MAC authentication critical VLAN on a port for MAC authentication users that have failed authentication because all the RADIUS authentication servers in their ISP domain are unreachable.

Use undo mac-authentication critical vlan to restore the default.

By default, no MAC authentication critical VLAN is configured on a port.

The MAC authentication critical VLAN configuration applies to MAC authentication users that use only RADIUS authentication servers and have failed authentication because all the servers in their ISP domain become unavailable (inactive), for example, for the loss of network connectivity. If a MAC authentication user fails local authentication after RADIUS authentication, the user is not assigned to the critical VLAN.

You can configure only one MAC authentication critical VLAN on a port. The MAC authentication critical VLANs on different ports can be different.

To have the MAC authentication critical VLAN take effect on a port, complete the following tasks:

To delete a VLAN that has been configured as a MAC authentication critical VLAN, you must remove the MAC authentication critical VLAN configuration first.

Related commands: mac-authentication; mac-vlan enable (the Layer 2LAN Switching Command Reference).

Examples

# Specify VLAN 5 as the MAC authentication critical VLAN for port Ethernet 1/0/1.

<Sysname> system-view
[Sysname] interface ethernet 1/0/1
[Sysname-Ethernet1/0/1] mac-authentication critical vlan 5