
(Optional) Configuring the Critical VLAN Function

Context

During MAC address authentication, if the access device is disconnected from the authentication server or the authentication server fails, the authentication process is interrupted and the user fails authentication. In that state, the user cannot be added to the guest VLAN or the restrict VLAN, and so cannot access resources in them. After the critical VLAN function is configured, MAC address authentication users are instead added to the critical VLAN when the access device is disconnected from the authentication server or the authentication server fails, and can then access resources in the critical VLAN.

If a free-ip function is configured, the critical VLAN in MAC address authentication expires immediately.

The critical VLAN function takes effect only on hybrid interfaces that are added to VLANs in untagged mode. It does not take effect on interfaces of other types.

You can configure the critical VLAN function of MAC address authentication in the system or interface view.

Procedure

  • In the system view:
    1. Run system-view

      The system view is displayed.

    2. Run authentication critical-vlan vlan-id interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

      The critical VLAN to which the interface is added is configured.

      By default, an interface is not added to the critical VLAN.

    3. Run authentication critical eapol-success interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

      The device is configured to reply to the user with an EAPoL-Success packet after the user is added to the critical VLAN.

      By default, an EAPoL-Fail packet is sent to a user after the user is added to the critical VLAN.

    4. Run authentication max-reauth-req times interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

      The maximum number of re-authentication attempts for users in the critical VLAN is set.

      By default, the maximum number of re-authentication attempts for users in the critical VLAN is 20.

  • In the interface view:
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run authentication critical-vlan vlan-id

      The critical VLAN to which the interface is added is configured.

      By default, an interface is not added to the critical VLAN.

    4. Run authentication critical eapol-success

      The device is configured to reply to the user with an EAPoL-Success packet after the user is added to the critical VLAN.

      By default, an EAPoL-Fail packet is sent to a user after the user is added to the critical VLAN.

    5. Run authentication max-reauth-req times

      The maximum number of re-authentication attempts for users in the critical VLAN is set.

      By default, the maximum number of re-authentication attempts for users in the critical VLAN is 20.
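
The restriction stated in the Context section (the critical VLAN takes effect only on hybrid interfaces that are added to VLANs in untagged mode) can be checked against a saved configuration. The following is an added example, not part of the original documentation: the function names, the sample configuration, the "#"-separated stanza layout and the port link-type / port hybrid untagged vlan lines are assumptions about how the configuration is exported, and defaults that do not appear in the text are modeled only through the hypothetical default_link_type parameter.

```python
import re

# Constructed sample, laid out like `display current-configuration` output (assumed).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1
 port link-type hybrid
 port hybrid untagged vlan 10 100 to 110
 authentication critical-vlan 100
#
interface GigabitEthernet0/0/2
 port link-type access
 authentication critical-vlan 100
#
interface GigabitEthernet0/0/3
 port link-type hybrid
 port hybrid tagged vlan 100
 authentication critical-vlan 100
"""

def expand_vlans(text):
    """Expand a VLAN list such as '10 100 to 110' (or 'all') into a set of ints."""
    if "all" in text.split():
        return set(range(1, 4095))
    vlans = set()
    for low, high in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", text):
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def audit_critical_vlan(config, default_link_type="hybrid"):
    """Return {interface: reason} where a configured critical VLAN cannot take effect."""
    findings = {}
    for block in re.split(r"^#[ \t]*$", config, flags=re.M):
        lines = [line.split() for line in block.strip().splitlines()]
        if not lines or lines[0][0] != "interface":
            continue
        # default_link_type is an assumption: set it to the device's actual default.
        link_type, untagged, critical = default_link_type, set(), None
        for words in lines[1:]:
            if words[:2] == ["port", "link-type"]:
                link_type = words[2]
            elif words[:4] == ["port", "hybrid", "untagged", "vlan"]:
                untagged |= expand_vlans(" ".join(words[4:]))
            elif words[:2] == ["authentication", "critical-vlan"]:
                critical = int(words[2])
        if critical is not None and link_type != "hybrid":
            findings[lines[0][1]] = f"link type is {link_type}, not hybrid"
        elif critical is not None and critical not in untagged:
            findings[lines[0][1]] = f"VLAN {critical} is not untagged on this interface"
    return findings
```

An empty result means every interface with a critical VLAN in the audited text meets the hybrid and untagged precondition; each entry otherwise names an interface whose users would not reach the critical VLAN when the authentication server is unavailable.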

Copyright © Huawei Technologies Co., Ltd.