Critical voice VLAN
![[IMPORTANT: ]](images/important.png) | IMPORTANT: This feature is available in Release 1121 and later. | |
The 802.1X critical voice VLAN on a port accommodates 802.1X voice users who have failed authentication because none of the RADIUS servers in their ISP domain is reachable.
The critical voice VLAN feature takes effect when 802.1X authentication is performed only through RADIUS servers. If an 802.1X voice user fails local authentication after RADIUS authentication, the voice user is not assigned to the critical voice VLAN. For more information about the authentication methods, see "Configuring AAA."
When a reachable RADIUS server is detected, the device performs the following operations:
If port-based access control is used, the device removes the port from the critical voice VLAN. The port sends a multicast EAP-Request/Identity packet to all 802.1X voice users on the port to trigger authentication.
If MAC-based access control is used, the device removes 802.1X voice users from the critical voice VLAN. The port sends a unicast EAP-Request/Identity packet to each 802.1X voice user that was assigned to the critical voice VLAN to trigger authentication.