If network login fails to perform Campus mode login, you can configure the switch to authenticate the client in the original VLAN or deny authentication even if the user name and password are correct. For example, this may occur if a destination VLAN does not exist.
To configure the behavior of network login if a VLAN move fails, use the following command:
configure netlogin move-fail-action [authenticate | deny]By default, the setting is deny.
The following describes the parameters of this command if two clients want to move to a different untagged VLAN on the same port:
The dot1x client is not informed of the VLAN move-fail because it always receives EAP-Success or EAP-Fail directly based on the authentication result, not based on both authentication and the VLAN move result.