Enabling Mac Move; Enabling The Authorization-Fail-Offline Feature - HP FlexNetwork 10500 Series Security Configuration Manual

To configure a port to ignore authorization information from the server:
Step
1. Enter system view.
2. Enter Layer 2 Ethernet
interface view.
3. Ignore the authorization
information received from
the authentication server.

Enabling MAC move

MAC move allows 802.1X or MAC authenticated users to move between ports on a device. For
example, if an authenticated 802.1X user moves to another 802.1X-enabled port on the device, the
authentication session is deleted from the first port. The user is reauthenticated on the new port.
If MAC move is disabled and an 802.1X authenticated user moves to another port, the user is not
reauthenticated.
As a best practice, enable MAC move for wireless users that roam between ports to access the
network.
To enable MAC move:
Step
1. Enter system view.
2. Enable MAC move.

Enabling the authorization-fail-offline feature

The authorization-fail-offline feature logs off port security users who fail ACL authorization.
A user fails ACL authorization in the following situations:
•
The device fails to authorize the specified ACL to the user.
•
The server assigns a nonexistent ACL to the user.
This feature does not apply to users who fail VLAN authorization. The device logs off these users
directly.
To enable the authorization-fail-offline feature:
Step
1. Enter system view.
2. Enable the
authorization-fail-offline
feature.
Command
system-view
interface interface-type
interface-number
port-security authorization
ignore
Command
system-view
port-security mac-move permit
Command
system-view
port-security authorization-fail
offline
201
Remarks
N/A
N/A
By default, a port uses the
authorization information received
from the authentication server.
Remarks
N/A
By default, MAC move is
disabled.
Remarks
N/A
By default, this feature is
disabled, and the device does not
log off users who fail ACL
authorization.