Configuring the portal fail-permit feature ········································································································ 151

Configuring BAS-IP for portal packets sent to the portal authentication server ············································· 151

Applying a NAS-ID profile to an interface ······································································································ 152

Configuring the local portal Web server feature ····························································································· 153

Customizing authentication pages ········································································································· 153

Configuring a local portal Web server ···································································································· 155

Enabling portal roaming ································································································································· 155

Logging out online portal users ······················································································································ 156

Displaying and maintaining portal ·················································································································· 156

Portal configuration examples ························································································································ 157

Configuring direct portal authentication ·································································································· 157

Configuring re-DHCP portal authentication ···························································································· 162

Configuring cross-subnet portal authentication ······················································································ 165

Configuring extended direct portal authentication ·················································································· 168

Configuring extended re-DHCP portal authentication ············································································ 171

Configuring extended cross-subnet portal authentication ······································································ 175

Configuring portal server detection and portal user synchronization ····················································· 178

Configuring cross-subnet portal authentication for MPLS L3VPNs························································ 184

Configuring direct portal authentication using the local portal Web server ············································ 186

Troubleshooting portal ··································································································································· 189

No portal authentication page is pushed for users ················································································· 189

Cannot log out portal users on the access device ················································································· 189

Cannot log out portal users on the RADIUS server ··············································································· 190

Users logged out by the access device still exist on the portal authentication server···························· 190

Re-DHCP portal authenticated users cannot log in successfully ··························································· 190

Configuring port security ············································································· 192

Overview ························································································································································ 192

Port security features ····························································································································· 192

Port security modes ······························································································································· 192

General guidelines and restrictions ················································································································ 195

Configuration task list ····································································································································· 195

Enabling port security ···································································································································· 195

Setting port security's limit on the number of secure MAC addresses on a port ············································ 196

Setting the port security mode ······················································································································· 196

Configuring port security features ·················································································································· 198

Configuring NTK ····································································································································· 198

Configuring intrusion protection ············································································································· 198

Configuring secure MAC addresses ·············································································································· 199

Configuration prerequisites ···················································································································· 200

Configuration procedure ························································································································· 200

Ignoring authorization information from the server ························································································ 200

Enabling MAC move ······································································································································ 201

Enabling the authorization-fail-offline feature ································································································· 201

Applying a NAS-ID profile to port security ······································································································ 202

Displaying and maintaining port security ······································································································· 202

Port security configuration examples ············································································································· 203

autoLearn configuration example ··········································································································· 203

userLoginWithOUI configuration example ······························································································ 204

macAddressElseUserLoginSecure configuration example ···································································· 207

Troubleshooting port security ························································································································· 211

Cannot set the port security mode ········································································································· 211

Cannot configure secure MAC addresses ····························································································· 211

Configuring password control ····································································· 213

Password setting ···································································································································· 213

Password updating and expiration ········································································································· 214

User login control ··································································································································· 215

Password not displayed in any form ······································································································ 215

Table of Contents