Triple authentication support for VLAN assignment
Authorization VLAN
After a user passes authentication, the authentication server assigns an authorization VLAN to the access port for the user. The user can then access the network resources in the authorized VLAN.
Authentication failure VLAN
The access port adds a user to an authentication failure VLAN configured on the port after the user fails authentication.
For an 802.1X authentication user—Adds the user to the Auth-Fail VLAN configured for 802.1X authentication.
For a Web authentication user—Adds the user to the Auth-Fail VLAN configured for Web authentication.
For a MAC authentication user—Adds the user to the guest VLAN configured for MAC authentication.
The access port supports configuring all types of authentication failure VLANs at the same time. If a user fails more than one type of authentication, the authentication failure VLAN of the user changes as follows:
If a user in the Web Auth-Fail VLAN fails MAC authentication, the user is moved to the MAC authentication guest VLAN.
If a user in the Web Auth-Fail VLAN or MAC authentication guest VLAN fails 802.1X authentication, the user is moved to the 802.1X Auth-Fail VLAN.
If a user in the 802.1X Auth-Fail VLAN fails MAC authentication or Web authentication, the user is still in the 802.1X Auth-Fail VLAN.
Server-unreachable VLAN
If a user fails authentication due to the unreachable server, the access port adds the user to an server-unreachable VLAN.
For an 802.1X authentication user—Adds the user to the critical VLAN configured for 802.1X authentication.
For a Web authentication user—Adds the user to the Auth-Fail VLAN configured for Web authentication.
For a MAC authentication user—Adds the user to the critical VLAN configured for MAC authentication.
The access port supports configuring all types of server-unreachable VLANs at the same time. A user is added to the server-unreachable VLAN as follows:
If the user does not undergo 802.1X authentication, the user is added to the server-unreachable VLAN configured for the last authentication.
If the user in the Web Auth-Fail VLAN or the MAC authentication critical VLAN also fails 802.1X authentication, the user is added to the 802.1X authentication critical VLAN.