Enabling portal roaming ············································································································································· 136

Logging out portal users ·············································································································································· 136

Displaying and maintaining portal ···························································································································· 136

Portal configuration examples ···································································································································· 137

Configuring direct portal authentication ··········································································································· 137

Configuring re-DHCP portal authentication ······································································································ 145

Configuring cross-subnet portal authentication ································································································ 149

Configuring extended direct portal authentication ·························································································· 152

Configuring extended re-DHCP portal authentication ····················································································· 155

Configuring extended cross-subnet portal authentication ··············································································· 159

Configuring portal server detection and portal user synchronization ··························································· 162

Troubleshooting portal ················································································································································· 170

No portal authentication page is pushed for users ························································································· 170

Cannot log out portal users on the access device ··························································································· 170

Cannot log out portal users on the RADIUS server ·························································································· 171

Users logged out by the access device still exist on the portal authentication server ·································· 171

Re-DHCP portal authenticated users cannot log in successfully······································································ 172

Configuring port security ········································································································································ 173

Overview ······································································································································································· 173

Port security features ··········································································································································· 173

Port security modes ············································································································································· 173

Configuration task list ·················································································································································· 176

Enabling port security ·················································································································································· 177

Setting port security's limit on the number of secure MAC addresses on a port ·················································· 177

Setting the port security mode ···································································································································· 178

Configuring port security features ······························································································································ 179

Configuring NTK ················································································································································· 179

Configuring intrusion protection ························································································································ 179

Configuring secure MAC addresses ·························································································································· 180

Configuration prerequisites ································································································································ 181

Configuration procedure ···································································································································· 181

Ignoring authorization information from the server ·································································································· 182

Enabling MAC move ··················································································································································· 182

Applying NAS-ID profile to port security ··················································································································· 183

Enabling the authorization-fail-offline feature ··········································································································· 184

Displaying and maintaining port security ·················································································································· 184

Port security configuration examples ························································································································· 184

autoLearn configuration example ······················································································································ 184

userLoginWithOUI configuration example ······································································································· 186

macAddressElseUserLoginSecure configuration example ··············································································· 189

Troubleshooting port security ······································································································································ 193

Cannot set the port security mode ····················································································································· 193

Cannot configure secure MAC addresses ········································································································ 193

Configuring password control ································································································································ 194

Password setting ·················································································································································· 194

Password updating and expiration ··················································································································· 195

User login control ················································································································································ 196

Password not displayed in any form ················································································································· 197

Logging ································································································································································· 197

FIPS compliance ··························································································································································· 197

Password control configuration task list ····················································································································· 197

Enabling password control ········································································································································· 198