Setting Default VLAN for Policy Role

A default VLAN can be configured for a policy role. A default VLAN will only be used when either a VLAN is not specifically assigned by a classification rule or all policy role classification rules are missed. To configure a default VLAN, enable pvid-status and specify the port VLAN to be used. pvid-status is disabled by default.
Note

Note

ExtremeXOS supports the assignment of port VLAN IDs 1–4,094. Use of VLAN ID 4094 is supported by stackable and standalone devices. VLAN IDs 0 and 4095 cannot be assigned as port VLAN IDs, but 0 has a special meaning within a policy context and can be assigned to the PVID parameter. Within a policy context 0 specifies an explicit deny of all VLANs.

If policy profiles with PVID 0 and PVID 4095 are configured and for MAC authentication profile with PVID 0 is sent using Filter ID attribute and for Dot1x profile with PVID 4095 is sent from RADIUS with VLAN tunnel ID as 11. Then if both MAC and Dot1x are enabled on the same port, on successful MAC authentication when profile with PVID 0 is applied based on the configurations "Explicit Deny all rule" is installed and Dot1x authentication is succeeded with PVID 4095 (no action) applied, but then traffic does not egress using Tunnel VLAN tag 11 or any default VLAN or admin profile VLAN where the port is bounded since the deny all rule is installed.