194
As a best practice, enable MAC move for wireless users that roam between ports to access the
network.
To enable MAC move:
1. Enter system view.
N/A
2. Enable MAC move.
port-security mac-move permit
disabled.
Applying a NAS-ID profile to port security
By default, the device sends its device name in the NAS-Identifier attribute of all RADIUS requests.
A NAS-ID profile enables you to send different NAS-Identifier attribute strings in RADIUS requests
from different VLANs. The strings can be organization names, service names, or any user
categorization criteria, depending on the administrative requirements.
For example, map the NAS-ID companyA to all VLANs of company A. The device will send
companyA in the NAS-Identifier attribute for the RADIUS server to identify requests from any
Company A users.
You can apply a NAS-ID profile to port security globally or on a port. On a port, the device selects a
NAS-ID profile in the following order:
1. The port-specific NAS-ID profile.
2. The NAS-ID profile applied globally.
If no NAS-ID profile is applied or no matching binding is found in the selected profile, the device uses
the device name as the NAS-ID.
For more information about the NAS-ID profile configuration, see "Configuring AAA."
To apply a NAS-ID profile to port security:
1. Enter system view.
system-view
N/A
2. Apply a NAS-ID profile to
port security.
• In system view:
port-security nas-id-profile
profile-name
• In Layer 2 Ethernet interface
view:
a. interface interface-type
interface-number
b. port-security
nas-id-profile
By default, no NAS-ID profile is
applied in system view or in Layer
2 Ethernet interface view.
Enabling the authorization-fail-offline feature
The authorization-fail-offline feature logs off port security users who fail ACL or user profile
authorization.
A user fails ACL or user profile authorization in the following situations:
• The device fails to authorize the specified ACL or user profile to the user.
• The server assigns a nonexistent ACL or user profile to the user.
To Next Page
Loading...
