beautypg.com

Manually blocking and unblocking a specific host, Attempts, Clearing – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 307

background image

Clearing authenticated hosts from the webauthentication table

Use the following commands to clear dynamically-authenticated hosts from the Web Authentication
table.

To clear all authenticated hosts in a Web authentication VLAN, enter a command such as the following.

device#clear webauth vlan 25 authenticated-mac

This command clears all the authenticated hosts in VLAN 25.

To clear a particular host in a Web authentication VLAN, enter a command such as the following.

device#clear webauth vlan 25 authenticated-mac 0000.0022.3333

This command clears host 0000.0022.3333 from VLAN 25.

Syntax: clear webauth vlan vlan-id authenticated-mac [ mac-address ]

Setting and clearing the block duration for webauthentication attempts

After users exceed the limit for Web Authentication attempts, specify how many seconds users must
wait before the next cycle of Web Authenticated begins. Enter a command such as the following.

device(config-vlan-10-webauth)# block duration 4

Syntax: [no] block duration seconds

Users cannot attempt Web Authentication during this time.

Enter 0-128000 seconds. The default is 90 seconds, and entering 0 means that the MAC address is
infinitely blocked.

To unblock the MAC address, wait until the block duration timer expires or enter a command such as
the following.

Brocade(config-vlan-10-webauth)# clear webauth vlan 10 block-mac 000.000.1234

Syntax: clear webauth vlan vlan-id block-mac [ mac-address ]

If you do not enter a mac-address , then all the entries for the specified VLAN will be cleared.

Manually blocking and unblocking a specific host

A host can be temporarily or permanently blocked from attempting Web Authentication by entering a
command such as the following.

Brocade(config-vlan-10-webauth)# block mac 0000.00d1.0a3d duration 4

Syntax: [no] block mac mac-address duration seconds

Syntax: [no] block mac mac-address

Enter 0 - 128000 for seconds . The default is the current value of block duration command. Entering a
value of "0" means the MAC address is blocked permanently.

Entering no block mac mac-address duration seconds resets duration to its default value.

You can unblock a host by entering the no block mac mac-address command.

Clearing authenticated hosts from the webauthentication table

FastIron Ethernet Switch Security Configuration Guide

307

53-1003088-03

See also other documents in the category Brocade Computer Accessories: