Fail Open I-SID provides network connectivity with restricted access to devices when the switch cannot connect to a RADIUS server. If a failure occurs that is based on a RADIUS timeout, the port immediately transitions to the Fail Open I-SID.
Note
Prior to releases that support Continuity Mode, transition to the Fail Open I-SID is based on interval-based RADIUS server reachability checks. If the RADIUS server is reachable, the switch continues to check the reachability at a default interval of three minutes. This interval-based check can lead to a transition delay of up to three minutes, from the moment when the RADIUS Server becomes unreachable until the port moves to the Fail Open I-SID.
Note
EAP and NEAP clients are not affected when the RADIUS servers are unreachable.
To use Fail Open I-SID:
Fail Open I-SID is a per-port configuration.
You must configure an I-SID either as a C-VLAN or as an ELAN with an associated platform VLAN before you can configure it as the Fail-Open I-SID.
After you configure the Fail Open I-SID and you enable EAP, an untagged S-UNI is created based on the supplied I-SID. When you change the Fail Open I-SID while EAP is enabled, the untagged S-UNI is replaced on the port.
Note
Fail Open I-SID is not supported in MHSA mode.
If there is a manually configured untagged S-UNI on the port, the untagged S-UNI, which uses the Fail Open I-SID, replaces it.
Caution is advised when both Fail-Open I-SID and Guest I-SID are configured. In this scenario, if a RADIUS server becomes reachable, the untagged S-UNI created based on the Fail-Open I-SID is removed and another untagged S-UNI based on the Guest I-SID is created.