mac-authentication critical vlan
Syntax
mac-authentication critical vlan critical-vlan-id
undo mac-authentication critical vlan
View
Layer 2 Ethernet interface view
Default level
2: System level
Parameters
critical-vlan-id: Specifies a VLAN ID, in the range of 1 to 4094. Make sure the VLAN has been created.
Description
Use mac-authentication critical vlan to configure a MAC authentication critical VLAN on a port for MAC authentication users that have failed authentication because all the RADIUS authentication servers in their ISP domain are unreachable.
Use undo mac-authentication critical vlan to restore the default.
By default, no MAC authentication critical VLAN is configured on a port.
The MAC authentication critical VLAN configuration applies to MAC authentication users that use only RADIUS authentication servers and have failed authentication because all the servers in their ISP domain become unavailable (inactive), for example, for the loss of network connectivity. If a MAC authentication user fails local authentication after RADIUS authentication, the user is not assigned to the critical VLAN.
You can configure only one MAC authentication critical VLAN on a port. The MAC authentication critical VLANs on different ports can be different.
To have the MAC authentication critical VLAN take effect on a port, complete the following tasks:
Enable MAC authentication both globally and on the port.
Enable MAC-based VLAN on the port.
To delete a VLAN that has been configured as a MAC authentication critical VLAN, you must remove the MAC authentication critical VLAN configuration first.
Related commands: mac-authentication; mac-vlan enable (the Layer 2—LAN Switching Command Reference).
Examples
# Specify VLAN 5 as the MAC authentication critical VLAN for port Ethernet 1/0/1.
<Sysname> system-view [Sysname] interface ethernet 1/0/1 [Sysname-Ethernet1/0/1] mac-authentication critical vlan 5