When the authentication service is not available for authentication, the supplicant is moved to authentication service-unavailable VLAN and given restricted access.
Starting with ExtremeXOS 30.2, you can configure multiple (10 maximum) service-unavailable VLANs per port.
To configure the authentication services unavailable VLAN, use the following commands:
configure netlogin authentication service-unavailable [{add} | {delete} | {{vlan vlan_name} {ports port_list {tagged | untagged}}}]
unconfigure netlogin authentication service-unavailable vlan vlan_name {ports port_list}
enable netlogin authentication service-unavailable vlan ports [ports | all]
disable netlogin authentication service-unavailable vlan ports [ports | all]
If a NetLogin port has web enabled, authentication-failure VLAN and authentication service-unavailable VLAN configuration are not applicable to MAC and Dot1x clients connected to that port. For example, if port 1:2 has NetLogin MAC and web authentication enabled and the service-unavailable VLAN is configured and enabled on it, and if a MAC client connected to that port fails authentication, it is not moved to service-unavailable VLAN.