Configuring a MAC authentication critical VSI
Restrictions and guidelines
The MAC authentication critical VSI feature has higher priority than the quiet feature of MAC authentication. When a user fails MAC authentication, the user can access the resources in the critical VSI. The user's MAC address is not marked as a silent MAC address.
You can configure only one MAC authentication critical VSI on a port. The MAC authentication critical VSIs on different ports can be different.
Prerequisites
Before you configure the MAC authentication critical VSI on a port, complete the following tasks:
Enable L2VPN.
Create the VSI to be specified as the MAC authentication critical VSI, and create a VXLAN for the VSI.
Make sure MAC-based traffic matching for dynamic Ethernet service instances is enabled on the port.
For more information, see VXLAN Configuration Guide.
Procedure
Enter system view.
system-view
Enter interface view.
interface interface-type interface-number
Specify the MAC authentication critical VSI on the port.
mac-authentication critical vsi critical-vsi-name [ url-user-logoff ]
By default, no MAC authentication critical VSI exists on a port.
The url-user-logoff keyword enables the device to log off MAC authentication users that have been assigned authorization URLs on the port when the first user is assigned to the critical VSI.