restricted-vlan

Configures a specific VLAN as the restricted VLAN for all ports on the device to place the client port when the authentication fails.

Syntax

restricted-vlan vlan-id
no restricted-vlan vlan-id

Command Default

The restricted VLAN is not configured.

Parameters

vlan-id
Specifies the identification number of the restricted VLAN.

Modes

Authentication configuration mode

Usage Guidelines

When an authentication fails, the port can be moved into a configured restricted VLAN instead of blocking the client completely. The port is moved to the configured restricted VLAN only if the authentication failure action is set to place the port in a restricted VLAN using the auth-fail-action command at the global level or using the authentication fail-action command at the interface level. Else, when the authentication fails, the client's MAC address is blocked in the hardware (default action).

The no form of the command disables the restricted VLAN.

Examples

The following example creates a restricted VLAN with VLAN 4. 

device(config)# authentication
device(config-authen)# restricted-vlan 4

History

Release version Command history
08.0.20 This command was introduced.