Configuring Authentication Service-Unavailable VLAN

When the authentication service is not available for authentication, the supplicant is moved to authentication service-unavailable VLAN and given restricted access.

Starting with ExtremeXOS 30.2, you can configure multiple (10 maximum) service-unavailable VLANs per port.

To configure the authentication services unavailable VLAN, use the following commands:

configure netlogin authentication service-unavailable [{add} | {delete} | {{vlan vlan_name} {ports port_list {tagged | untagged}}}]

unconfigure netlogin authentication service-unavailable vlan vlan_name {ports port_list}

enable netlogin authentication service-unavailable vlan ports [ports | all]

disable netlogin authentication service-unavailable vlan ports [ports | all]

If a NetLogin port has web enabled, authentication-failure VLAN and authentication service-unavailable VLAN configuration are not applicable to MAC and Dot1x clients connected to that port. For example, if port 1:2 has NetLogin MAC and web authentication enabled and the service-unavailable VLAN is configured and enabled on it, and if a MAC client connected to that port fails authentication, it is not moved to service-unavailable VLAN.