port-access device-profile mode block-until-profile-applied



You must configure this mode in device profile only on standalone ports where there is no security configured and when you not want the port to be offline until one client is onboarded.

port-access device-profile
		mode block-until-profile-applied

no port-access device-profile mode block-until-profile-applied


Configures the switch to block the port until a profile match occurs for a device. This configuration is required when no security feature is enabled on the port.

You must enable this mode or security on the port for local MAC match feature to operate. You must not enable both features on the same port at the same time.


You must not combine any other AAA configurations with the block-until-profile-applied mode.

The no form of this command removes a rule for adding devices to a MAC group.

Command context




Administrators or local user group members with execution rights for this command.


On the 6400 Switch Series, interface identification differs.

Configuring block-until-profile applied mode on port 1/1/1:

switch(config)# interface 1/1/1
switch(config-if)# port-access device-profile
switch(config-if-deviceprofile)# mode block-until-profile-applied
switch(config-if-deviceprofile)# end