As a best practice, enable MAC move for wireless users that roam between ports to access the
network.
To enable MAC move:
1. Enter system view.
2. Enable MAC move.
   port-security mac-move permit
   disabled.
Applying a NAS-ID profile to port security
By default, the device sends its device name in the NAS-Identifier attribute of all RADIUS requests.
A NAS-ID profile enables you to send different NAS-Identifier attribute strings in RADIUS requests
from different VLANs. The strings can be organization names, service names, or any user
categorization criteria, depending on the administrative requirements.
For example, map the NAS-ID companyA to all VLANs of company A. The device will send
companyA in the NAS-Identifier attribute so that the RADIUS server can identify requests from any
company A users.
You can apply a NAS-ID profile to port security globally or on a port. On a port, the device selects a
NAS-ID profile in the following order:
1. The port-specific NAS-ID profile.
2. The NAS-ID profile applied globally.
If no NAS-ID profile is applied or no matching binding is found in the selected profile, the device uses
the device name as the NAS-ID.
For more information about the NAS-ID profile configuration, see "Configuring AAA."
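The selection order and fallback described above, modelled as an added example (not code from the original guide): it resolves the NAS-Identifier a port would send per VLAN and lists the port/VLAN pairs that fall back to the device name, which matters when RADIUS policy is keyed on the NAS-ID. The profile names, VLAN IDs, port names and device name are constructed, and the model follows the text literally: a missing binding in the selected profile yields the device name.

```python
# Added example: models the NAS-ID selection rules described in this section.
# Profile names, VLAN IDs, port names and the device name are constructed.

DEVICE_NAME = "Sysname"  # assumed device name, the fallback NAS-ID

# NAS-ID profiles: profile name -> {VLAN ID: NAS-Identifier string}
PROFILES = {
    "global-prof": {10: "companyA", 11: "companyA", 20: "companyB"},
    "port-prof": {20: "companyB-guest"},
}

# Ports: port name -> (port-specific profile or None, VLANs seen on the port)
PORTS = {
    "GE1/0/1": (None, [10, 20]),
    "GE1/0/2": ("port-prof", [10, 20]),
    "GE1/0/3": (None, [30]),
}


def resolve_nas_id(vlan, port_profile, global_profile, profiles, device_name):
    """Return (nas_id, source) for a RADIUS request from `vlan` on a port."""
    # 1. The port-specific profile wins; 2. otherwise the global profile.
    if port_profile is not None:
        selected, source = port_profile, "port"
    elif global_profile is not None:
        selected, source = global_profile, "global"
    else:
        return device_name, "device-name (no profile applied)"
    nas_id = profiles.get(selected, {}).get(vlan)
    if nas_id is None:
        # No matching binding in the selected profile: device name is sent.
        return device_name, f"device-name (no binding in {source} profile)"
    return nas_id, source


def audit(ports, global_profile, profiles=PROFILES, device_name=DEVICE_NAME):
    """List (port, vlan, reason) where requests carry the bare device name."""
    findings = []
    for port, (port_profile, vlans) in sorted(ports.items()):
        for vlan in vlans:
            nas_id, source = resolve_nas_id(
                vlan, port_profile, global_profile, profiles, device_name)
            if nas_id == device_name:
                findings.append((port, vlan, source))
    return findings


if __name__ == "__main__":
    for finding in audit(PORTS, "global-prof"):
        print(finding)
```

In this constructed data, VLAN 10 on GE1/0/2 is bound in the global profile but not in the port-specific one, so the port profile is selected and the request carries the device name.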
To apply a NAS-ID profile to port security:
1. Enter system view.
   system-view
2. Apply a NAS-ID profile to port security.
   • In system view:
     port-security nas-id-profile profile-name
   • In Layer 2 Ethernet interface view:
     a. interface interface-type interface-number
     b. port-security nas-id-profile
   By default, no NAS-ID profile is applied in system view or in Layer 2 Ethernet interface view.
Enabling the authorization-fail-offline feature
The authorization-fail-offline feature logs off port security users who fail ACL or user profile
authorization.
A user fails ACL or user profile authorization in the following situations:
• The device fails to authorize the specified ACL or user profile to the user.
• The server assigns a nonexistent ACL or user profile to the user.