RADIUS Server Is Unavailable to an EX Series Switch
server fail fallback
Permit authentication, allowing traffic to flow from the end device through the interface as if the end device were successfully authenticated by the RADIUS server.
Deny authentication, preventing traffic from flowing from the end device through the interface. This is the default.
Move the end device to a specified VLAN if the switch receives a RADIUS access-reject message. The configured VLAN name overrides any attributes sent by the server. (The VLAN must already exist on the switch.)
Sustain authenticated end devices that already have LAN access and deny unauthenticated end devices. If the RADIUS servers time out during reauthentication, previously authenticated end devices are reauthenticated and new users are denied LAN access.
Fallback type | Configuration statement
---|---
Server fail fallback | set protocols dot1x authenticator interface <interface-name> server-fail permit
Server fail fallback | set protocols dot1x authenticator interface <interface-name> server-fail deny
Server fail fallback | set protocols dot1x authenticator interface <interface-name> server-fail <vlan-name>
Server fail fallback | set protocols dot1x authenticator interface <interface-name> server-fail use-cache
Reject fallback | set protocols dot1x authenticator interface <interface-name> server-reject-vlan <vlan-sf>
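
Because deny is the default, an interface with no server-fail statement fails closed, while server-fail permit fails open when RADIUS is unreachable. The Python audit below is an added example, not Juniper's code: it parses the statement forms from the table above and reports each interface's fallback posture. The interface and VLAN names in SAMPLE are constructed.

```python
import re

# Matches the statement forms shown in the table above; the interface and
# VLAN names in SAMPLE are constructed for this example.
STMT = re.compile(
    r"^set protocols dot1x authenticator interface (?P<ifname>\S+)"
    r"(?: (?P<key>server-fail|server-reject-vlan) (?P<arg>\S+))?"
)

# What each server-fail action means when no RADIUS server answers.
POSTURE = {
    "permit": "fail-open: unauthenticated traffic is allowed",
    "deny": "fail-closed: traffic is blocked",
    "use-cache": "sustain: known devices stay, new devices are denied",
}

SAMPLE = """\
set protocols dot1x authenticator interface ge-0/0/1 server-fail permit
set protocols dot1x authenticator interface ge-0/0/2 server-fail use-cache
set protocols dot1x authenticator interface ge-0/0/3 server-fail quarantine
set protocols dot1x authenticator interface ge-0/0/4 supplicant multiple
set protocols dot1x authenticator interface ge-0/0/5 server-reject-vlan guest
"""

def audit(config_text):
    """Return {interface: {"server_fail", "posture", "reject_vlan"}}."""
    ports = {}
    for line in config_text.splitlines():
        m = STMT.match(line.strip())
        if not m:
            continue
        # Every 802.1X port starts at the default action, deny.
        port = ports.setdefault(m["ifname"], {
            "server_fail": "deny", "posture": POSTURE["deny"], "reject_vlan": None})
        if m["key"] == "server-fail":
            port["server_fail"] = m["arg"]
            # Anything that is not a keyword is a VLAN name (move action).
            port["posture"] = POSTURE.get(m["arg"], f"move to VLAN {m['arg']}")
        elif m["key"] == "server-reject-vlan":
            port["reject_vlan"] = m["arg"]
    return ports

def fail_open_ports(config_text):
    """Interfaces that admit traffic when RADIUS is unreachable."""
    return sorted(i for i, p in audit(config_text).items() if p["server_fail"] == "permit")

if __name__ == "__main__":
    for ifname, port in audit(SAMPLE).items():
        print(ifname, port["server_fail"], "|", port["posture"], "| reject VLAN:", port["reject_vlan"])
```

Feeding it the switch's configuration in set format lets a reviewer list every port that would admit unauthenticated devices during a RADIUS outage.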