04-01-2014 06:08 PM
I have a FastIron WS 648G with mac-vlan enabled and two vlans: vlan 1 for full access on the local network and vlan 2 for restricted access. I have a radius server set up which directs authorized MACs onto vlan 1. And the switch is configured to put any device failing mac authentication onto vlan 2, via the 'auth-fail-vlan-id' and 'auth-fail-action restrict-vlan'.
This works fine, but if the radius server is down then I'd like the switch to put all devices onto vlan 1 to give them full access, rather then the restricted vlan 2. So my question is, is there any way of configuring an action on the switch for when it receives no response from radius, rather then an ACCESS-REJECT message. It's more important to me that authorised devices aren't distrupted if radius goes down.
04-01-2014 09:19 PM
I think I've figured out a solution. If I use multi device port authentication I can specify a radius timeout action such as: 'mac-authentication auth-timeout-action success'. Before I was using MAC based vlans which don't appear to have this option.