Enabling the authorization-fail-offline feature
The authorization-fail-offline feature logs off port security users who fail ACL or user profile authorization.
A user fails ACL or user profile authorization in the following situations:
• The device fails to authorize the specified ACL or user profile to the user.
• The server assigns a nonexistent ACL or user profile to the user.
This feature does not apply to VLAN authorization failure. The device logs off these users directly.
To enable the authorization-fail-offline feature:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable the authorization-fail-offline feature.
  Command: port-security authorization-fail offline
  Remarks: By default, this feature is disabled, and the device does not log off users who fail ACL or user profile authorization.
Displaying and maintaining port security
Execute display commands in any view:
Task: Display the port security configuration, operation information, and statistics.
  Command: display port-security [ interface interface-type interface-number ]
Task: Display information about secure MAC addresses.
  Command: display port-security mac-address security [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ]
Task: Display information about blocked MAC addresses.
  Command: display port-security mac-address block [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ]
Port security configuration examples
autoLearn configuration example
Network requirements
As shown in Figure 67, configure port Ten-GigabitEthernet 1/0/1 on the device to meet the following requirements:
• Accept up to 64 users without authentication.
• Be permitted to learn and add MAC addresses as sticky MAC addresses, and set the secure MAC aging timer to 30 minutes.
• Stop learning MAC addresses after the number of secure MAC addresses reaches 64. If any frame with an unknown MAC address arrives, intrusion protection starts, and the port shuts down and stays silent for 30 seconds.
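An added example, not part of the original guide: a Python check that a saved configuration meets the autoLearn requirements above and enables the authorization-fail-offline feature. The sample configuration is constructed, and every command spelling other than port-security authorization-fail offline is an assumption about Comware port security syntax that does not appear in this section.

```python
# Constructed sample in the style of a saved configuration; not real device output.
SAMPLE_CONFIG = """\
#
 port-security enable
 port-security timer autolearn aging 30
 port-security timer disableport 30
 port-security authorization-fail offline
#
interface Ten-GigabitEthernet1/0/1
 port-security max-mac-count 64
 port-security port-mode autolearn
 port-security intrusion-mode disableport-temporarily
#
"""

# Assumed command spellings (only "port-security authorization-fail offline"
# appears in this section); adjust them to the device's command reference.
GLOBAL_REQUIRED = ["port-security enable",
                   "port-security timer autolearn aging 30",  # aging: 30 minutes
                   "port-security timer disableport 30",      # silence: 30 seconds
                   "port-security authorization-fail offline"]
PORT_REQUIRED = ["port-security max-mac-count 64",
                 "port-security port-mode autolearn",
                 "port-security intrusion-mode disableport-temporarily"]

def parse_config(text):
    """Return (global commands, {interface: commands}); a '#' line ends a section."""
    global_cmds, ports, current = set(), {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # trim and collapse whitespace
        if not line or line == "#":
            current = None
        elif line.startswith("interface "):
            current = line[len("interface "):].replace(" ", "")
            ports[current] = set()
        elif current:
            ports[current].add(line)
        else:
            global_cmds.add(line)
    return global_cmds, ports

def audit_autolearn(text, port):
    """List the required commands that are missing globally or on the port."""
    port = port.replace(" ", "")              # accept "Ten-GigabitEthernet 1/0/1"
    global_cmds, ports = parse_config(text)
    missing = [c for c in GLOBAL_REQUIRED if c not in global_cmds]
    if port not in ports:
        return missing + [f"{port}: interface not found"]
    return missing + [f"{port}: {c}" for c in PORT_REQUIRED if c not in ports[port]]
```

An empty list from audit_autolearn means every required line is present; the match is exact, so a different timer value or MAC limit is reported as missing.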