Enabling the authorization-fail-offline feature

About the authorization-fail-offline feature

The authorization-fail-offline feature logs off port security users that fail ACL or user profile authorization.

A user fails ACL or user profile authorization in the following situations:

This feature does not apply to users that fail VLAN authorization. The device logs off these users directly.

You can also enable the quiet timer feature for 802.1X or MAC authentication users that are logged off by the authorization-fail-offline feature. The device adds these users to the 802.1X or MAC authentication quiet queue. Within the quiet timer, the device does not process packets from these users or authenticate them. If you do not enable the quiet timer feature, the device immediately authenticates these users upon receiving packets from them.

Prerequisites

For the quiet timer feature to take effect, complete the following tasks:

Procedure

  1. Enter system view.

    system-view

  2. Enable the authorization-fail-offline feature.

    port-security authorization-fail offline [ quiet-period ]

    By default, this feature is disabled, and the device does not log off users that fail ACL or user profile authorization.