In the free mobility solution, users' security group and group policies can be authorized to associated access devices through controllers. After a device receives authorization information, it converts the information to executable commands. You can run commands on the device to control users' network access policies through the security group and group policies even if the free mobility solution is not used. However, the security group and group policies cannot be applied on all access devices.
For details on how to run commands on the device to control users' network access policies through the security group and group policies, see "NAC Configuration (Unified Mode)" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - User Access and Authentication.
After using the free mobility function to enable controllers to authorize users' security group and group policies to access devices through controllers, you can run commands on the device to check authorization configuration to facilitate fault location.