Clearing authenticated MAC addresses – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

NOTE
Source guard protection is supported only on the router image and not on the switch image.

Viewing the assigned ACL for ports on which source guard protection is enabled

Use the following command to view whether a Source Guard ACL or dynamic ACL is applied to ports on
which Source Guard Protection is enabled.

device(config)#show auth-mac-addresses authorized-mac ip-addr
-------------------------------------------------------------------------------
MAC Address     SourceIp     Port   Vlan  Auth  Age  ACL  dot1x
-------------------------------------------------------------------------------
0000.0010.2000  10.1.17.5    6/12   171   Yes   Dis  SG   Ena
0000.0010.2001  10.1.17.6    6/13   171   Yes   Dis  103  Ena

In the above output, for port 6/12, Source Guard Protection is enabled and the Source Guard ACL is
applied to the MAC session, as indicated by SG in the ACL column. For port 6/13, Source Guard
Protection is also enabled, but in this instance, a dynamic ACL (103) is applied to the MAC session.
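
The following audit script is an added example, not part of the Brocade guide. It parses output in the layout shown above and reports, per MAC session, whether the Source Guard ACL or a dynamic ACL is applied. The function names are hypothetical, and the column order and the treatment of a numeric ACL value as a dynamic ACL are assumptions taken from the sample on this page.

```python
import re

# Sample constructed from the output shown on this page. The last row has its
# dot1x value wrapped onto the next line, as can happen in captured output.
SAMPLE = """\
----------------------------------------------------------------
MAC Address     SourceIp     Port   Vlan  Auth  Age  ACL  dot1x
----------------------------------------------------------------
0000.0010.2000  10.1.17.5    6/12   171   Yes   Dis  SG   Ena
0000.0010.2001  10.1.17.6    6/13   171   Yes   Dis  103
Ena
"""

MAC_RE = re.compile(r"^[0-9a-f]{4}(\.[0-9a-f]{4}){2}$", re.IGNORECASE)
FIELDS = ("mac", "source_ip", "port", "vlan", "auth", "age", "acl", "dot1x")


def parse_sessions(text):
    """Return one dict per MAC session, rejoining a wrapped last column."""
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or set(line.strip()) == {"-"}:
            continue  # blank line or horizontal rule
        if MAC_RE.match(tokens[0]):
            rows.append(tokens)  # start of a new session row
        elif rows and len(tokens) == 1 and len(rows[-1]) < len(FIELDS):
            rows[-1].extend(tokens)  # continuation of a wrapped row
    return [dict(zip(FIELDS, row)) for row in rows]


def classify_acl(session):
    """Map the ACL column to the kind of ACL applied to the MAC session."""
    acl = session.get("acl", "")
    if acl == "SG":
        return "source-guard"
    if acl.isdigit():
        return "dynamic"  # assumption: numeric value is a dynamic ACL ID
    return "unknown"


def acl_report(text):
    """List (port, mac, acl_kind, acl_value) for every parsed session."""
    return [(s.get("port"), s["mac"], classify_acl(s), s.get("acl"))
            for s in parse_sessions(text)]


if __name__ == "__main__":
    for entry in acl_report(SAMPLE):
        print(entry)
```

Sessions reported as "unknown" have an ACL column that is neither SG nor numeric and should be checked on the device directly.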

Clearing authenticated MAC addresses

The Brocade device maintains an internal table of the authenticated MAC addresses (viewable with the
show authenticated-mac-address command). You can clear the contents of the authenticated MAC
address table either entirely, or just for the entries learned on a specified interface. In addition, you can
clear the MAC session for an address learned on a specific interface.

To clear the entire contents of the authenticated MAC address table, enter the clear auth-mac-table
command.

device#clear auth-mac-table

Syntax: clear auth-mac-table

To clear the authenticated MAC address table of entries learned on a specified interface, enter a
command such as the following.

device#clear auth-mac-table e 3/1

Syntax: clear auth-mac-table ethernet port

To clear the MAC session for an address learned on a specific interface, enter commands such as the
following.

device(config)#interface e 3/1

device(config-if-e1000-3/1)#mac-authentication clear-mac-session 0000.0034.abd4

Syntax: mac-authentication clear-mac-session mac-address

This command removes the Layer 2 CAM entry created for the specified MAC address. If the Brocade
device receives traffic from the MAC address again, the MAC address is authenticated again.

NOTE
In a configuration with multi-device port authentication and 802.1X authentication on the same port, the
mac-authentication clear-mac-session command will clear the MAC session, as well as its respective
802.1X session, if it exists.

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03