Configuration restrictions and guidelines ··········································································································· 96

Configuration procedure ······································································································································ 96

Referencing a portal Web server for an interface ······································································································ 96

Controlling portal user access ······································································································································ 97

Configuring a portal-free rule······························································································································· 97

Configuring an authentication source subnet ····································································································· 98

Configuring an authentication destination subnet ····························································································· 99

Setting the maximum number of portal users ··································································································· 100

Specifying a portal authentication domain ······································································································ 100

Configuring portal detection functions ······················································································································· 101

Configuring online detection of portal users ···································································································· 101

Configuring portal authentication server detection ·························································································· 102

Configuring portal Web server detection ········································································································· 103

Configuring portal user synchronization ··········································································································· 103

Configuring the portal fail-permit function ················································································································· 104

Configuring BAS-IP for unsolicited portal packets sent to the portal authentication server ·································· 105

Enabling portal roaming ············································································································································· 106

Logging out portal users ·············································································································································· 106

Displaying and maintaining portal ···························································································································· 106

Portal configuration examples ···································································································································· 107

Configuring direct portal authentication ··········································································································· 107

Configuring re-DHCP portal authentication ······································································································ 115

Configuring cross-subnet portal authentication ································································································ 119

Configuring extended direct portal authentication ·························································································· 122

Configuring extended re-DHCP portal authentication ····················································································· 125

Configuring extended cross-subnet portal authentication ··············································································· 128

Configuring portal server detection and portal user synchronization ··························································· 132

Configuring cross-subnet portal authentication for MPLS L3VPNs ································································· 140

Troubleshooting portal ················································································································································· 142

No portal authentication page is pushed for users ························································································· 142

Cannot log out portal users on the access device ··························································································· 142

Cannot log out portal users on the RADIUS server ·························································································· 143

Users logged out by the access device still exist on the portal authentication server ·································· 143

Re-DHCP portal authenticated users cannot log in successfully······································································ 144

Configuring port security ········································································································································ 145

Overview ······································································································································································· 145

Port security features ··········································································································································· 145

Port security modes ············································································································································· 145

Configuration task list ·················································································································································· 148

Enabling port security ·················································································································································· 149

Setting port security's limit on the number of secure MAC addresses on a port ·················································· 149

Setting the port security mode ···································································································································· 150

Configuring port security features ······························································································································ 151

Configuring NTK ················································································································································· 151

Configuring intrusion protection ························································································································ 151

Configuring secure MAC addresses ·························································································································· 152

Configuration prerequisites ································································································································ 153

Ignoring authorization information from the server ·································································································· 153

Enabling MAC move ··················································································································································· 154

Displaying and maintaining port security ·················································································································· 154

Port security configuration examples ························································································································· 155

autoLearn configuration example ······················································································································ 155

userLoginWithOUI configuration example ······································································································· 156

iii