Strict security mode for dynamic filter assignment

By default, dynamic filter assignment operates in strict security mode. When strict security mode is enabled, authentication for a port fails if the Filter-Id attribute contains invalid information to implement the IP ACLs or MAC ACLs. You can manually disable the strict security mode using the no filter-strict-security command in the interface configuration mode.

When strict security mode is enabled:

When strict security mode is disabled: