beautypg.com

Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 301

background image

• Duration of time - By default, dynamically-created passcodes are refreshed every 1440 minutes (24

hours). When refreshed, a new passcode is generated and the old passcode expires. You can
increase or decrease the duration of time after which passcodes are refreshed, or you can configure
the device to refresh passcodes at a certain time of day instead of after a duration of time.

• Time of day - When initially enabled, the time of day method will cause passcodes to be refreshed at

0:00 (12:00 midnight). If desired, you can change this time of day, and you can add up to 24 refresh
periods in a 24-hour period.

When a passcode is refreshed, the old passcode will no longer work, unless a grace period is
configured (refer to

Configuring a grace period for an expired passcode

on page 302).

If a user changes the passcode refresh value, the configuration is immediately applied to the current
passcode. For example, if the passcode duration is 100 minutes and the passcode was last generated
60 minutes prior, a new passcode will be generated in 40 minutes. However, if the passcode duration is
changed from 100 to 75 minutes, and the passcode was last generated 60 minutes prior, a new
passcode will be generated in 15 minutes. Similarly, if the passcode duration is changed from 100 to 50
minutes, and the passcode was last generated 60 minutes prior, the passcode will immediately expire
and a new passcode will be generated. The same principles apply to the time of day passcode refresh
method.

If you configure both duration of time and time of day passcode refresh values, they are saved to the
configuration file. You can switch back and forth between the passcode refresh methods, but only one
method can be enabled at a time.

NOTE
Passcodes are not stateful, meaning a software reset or reload will cause the system to erase the
passcode. When the FastIron switch comes back up, a new passcode will be generated.

Changing the passcode refresh duration

To change the duration of time after which passcodes are refreshed, enter commands such as the
following.

device(config-vlan-10-webauth)# auth-mode passcode refresh-type duration 4320

The passcode will be refreshed after 4320 minutes (72 hours).

Syntax: auth-mode passcode refresh-type duration value

For value, enter a number from 5 to 9999 minutes. The default is 1440 minutes (24 hours).

Refreshing passcodes at a certain time of the day

You can configure the FastIron switch to refresh passcodes at a certain time of day , up to 24 times
each day, instead of after a duration of time. When this feature is enabled, by default passcodes will be
refreshed at 00:00 (12 midnight).

To configure the switch to refresh passcodes at a certain time of day, enter commands such as the
following.

device(config-vlan-10-webauth)# auth-mode passcode refresh-type time 6:00

device(config-vlan-10-webauth)# auth-mode passcode refresh-type time 14:30

The passcode will be refreshed at 6:00am, 2:30pm, and 0:00 (12 midnight).

Syntax: [no] auth-mode passcode refresh-type hh:mm

Web Authentication

FastIron Ethernet Switch Security Configuration Guide

301

53-1003088-03

See also other documents in the category Brocade Computer Accessories: