Configuring the re-authentication period, Defining the web authentication cycle, Limiting the number of web authentication attempts – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Entering a no add mac mac-address duration seconds | ethernet port duration seconds command sets
duration and ethernet to their default values. If you want to remove a host, enter the
no add mac mac-address command.

NOTE
If a MAC address is statically configured, this MAC address will not be allowed to be dynamically
configured on any port.

Configuring the re-authentication period

After a successful authentication, a user remains authenticated for a duration of time. At the end of this
duration, the host is automatically logged off and the user must re-authenticate. To set the
number of seconds a host remains authenticated before being logged off, enter a command such as
the following.

device(config-vlan-10-webauth)# reauth-time 10

Syntax: [no] reauth-time seconds

You can specify 0 - 128000 seconds. The default is 28800 seconds, and 0 means the user is always
authenticated and will never have to re-authenticate, except if an inactive period less than the
re-authentication period is configured on the Web Authentication VLAN. If this is the case, the user
becomes de-authenticated if there is no activity and the timer for the inactive period expires.

Defining the web authentication cycle

You can limit how many seconds users have to be Web Authenticated by defining a cycle
time. This time begins at a user's first Login attempt on the Login page. If the user has not been
authenticated successfully when this time expires, the user must enter a valid URL again to display the
Web Authentication Welcome page.

To define a cycle time, enter a command such as the following.

device(config-vlan-10-webauth)# cycle time 20

Syntax: [no] cycle time seconds

Enter 0 - 3600 seconds, where 0 means there is no time limit. The default is 600 seconds.

Limiting the number of web authentication attempts

You can set a limit on the number of times a user enters an invalid user name and password during
the specified cycle time. If the user exceeds the limit, the user is blocked for a duration of time, which
is defined by the block duration command. Also, the Web browser will be redirected to the Exceeded
Allowable Attempts webpage.

To limit the number of Web Authentication attempts, enter a command such as the following.

device(config-vlan-10-webauth)# attempt-max-num 4

Syntax: [no] attempt-max-num number

Enter a number from 0 to 64, where 0 means there is no limit to the number of Web Authentication
attempts. The default is 5.
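
The following is an added example, not part of the Brocade guide: a small Python audit that reads the three settings described above from saved configuration text, applies the documented ranges and defaults, and reports values of 0 that switch a limit off. The stanza layout of the sample and the assumption that the "no" form restores the default are not taken from the guide.

```python
import re

# name: (min, max, default, meaning of 0) -- values as stated in the guide text above
SETTINGS = {
    "reauth-time": (0, 128000, 28800,
                    "host never has to re-authenticate unless an inactive period applies"),
    "cycle time": (0, 3600, 600, "no time limit on the login cycle"),
    "attempt-max-num": (0, 64, 5, "no limit on invalid login attempts"),
}
LINE = re.compile(r"^\s*(no\s+)?(reauth-time|cycle time|attempt-max-num)(?:\s+(\S+))?\s*$")

# Constructed sample; the stanza layout is an assumption, not output from a real device.
SAMPLE = """\
vlan 10 by port
 webauth
  reauth-time 0
  cycle time 7200
  attempt-max-num 4
"""

def audit_webauth(config_text):
    """Return (effective_values, findings) for the three webauth settings."""
    effective = {name: spec[2] for name, spec in SETTINGS.items()}
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = LINE.match(line)
        if not m:
            continue
        negated, name, raw = m.groups()
        low, high, default, _ = SETTINGS[name]
        if negated:
            effective[name] = default  # assumption: the "no" form restores the default
        elif raw is None or not raw.isdigit():
            findings.append(f"line {lineno}: {name} needs a numeric value")
        elif not low <= int(raw) <= high:
            findings.append(f"line {lineno}: {name} {raw} is outside {low}-{high}")
        else:
            effective[name] = int(raw)
    # A value of 0 is valid syntax but switches the control off; report it.
    for name, value in effective.items():
        if value == 0:
            findings.append(f"{name} 0: {SETTINGS[name][3]}")
    return effective, findings

if __name__ == "__main__":
    values, issues = audit_webauth(SAMPLE)
    print(values)
    for issue in issues:
        print("FINDING:", issue)
```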

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03