Yes, for such authentication server is unreachable cases we support User-Role as “Critical-Role”. Authentication server unreachability because of a fault in the infrastructure like this case.
WAN failure, it is unfair for the clients to get impacted(authentication failure due to a “radius-not-being-reachable not because of radius-reject :-)).
aaa authorization user-role name <ROLE-NAME>
vlan-id <UNTAGGED-VLAN>
vlan-id-tagged <TAGGED-VLAN>
aaa port-access <port> critical-auth user-role
like:
aaa port-access 1/11 critical-auth user-role "VLAN-CRITICAL"
aaa authorization user-role name "VLAN-CRITICAL"
policy "PERMIT-ALL"
vlan-id 200
exit
Does this help?
Thanks,
Yash