Port-Security Authorization-Fail Offline - H3C MSR Series Command Reference Manual

Usage guidelines
After a user passes RADIUS or local authentication, the server performs authorization based on the
authorization attributes configured for the user account. For example, the server can assign a VLAN.
If you do not want the port to use such authorization attributes for users, use this command to ignore
the authorization information from the server.
Examples
# Configure GigabitEthernet 1/0/1 to ignore the authorization information from the authentication
server.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port-security authorization ignore
Related commands
display port-security

port-security authorization-fail offline

Use port-security authorization-fail offline to enable the authorization-fail-offline feature.
Use undo port-security authorization-fail offline to disable the authorization-fail-offline feature.
Syntax
port-security authorization-fail offline
undo port-security authorization-fail offline
Default
The authorization-fail-offline feature is disabled. The device does not log off users that have failed
ACL authorization.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The authorization-fail-offline feature logs off port security users that have failed ACL authorization.
A user fails ACL authorization in the following situations:
•
The device fails to authorize the specified ACL to the user.
•
The server assigns a nonexistent ACL to the user.
If this feature is disabled, the device does not log off users that have failed ACL authorization.
However, the device outputs messages to report the failure.
Examples
# Enable the authorization-fail-offline feature.
<Sysname> system-view
[Sysname] port-security authorization-fail offline
Related commands
display port-security
214