Forcing re-authentication after an inactive period, Defining the web authorization redirect address – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
Forcing re-authentication after an inactive period
You can force Web Authenticated hosts to be re-authenticated if they have been inactive for a period of
time. The inactive duration is calculated by adding the mac-age-time that has been configured for the
device and the configured authenticated-mac-age-time. (The mac-age-time command defines how
long a port address remains active in the address table.) If the authenticated host is inactive for the sum
of these two values, the host is forced to be re-authenticated.
To force authenticated hosts to re-authenticate after a period of inactivity, enter commands such as the
following.
device(config)# mac-age-time 600
device(config)# vlan 23
device(config-vlan-23)# webauth
device(config-vlan-23-webauth)# reauth-time 303
device(config-vlan-23-webauth)# authenticated-mac-age-time 300
Syntax: [no] authenticated-mac-age-time seconds
You can enter a value from 0 to the value entered for reauth-time. The default is 3600.
Refer to the "Changing the MAC age time and disabling MAC address learning" section in the FastIron
Ethernet Switch Platform and Layer 2 Switching Configuration Guide for details on the mac-age-time
command. The default mac-age-time is 300 seconds and can be configured to be between 60 and 600
on the FastIron switch. If it is configured to be 0, then the MAC address does not age out due to
inactivity.
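The following Python sketch is an added example, not part of the Brocade guide: it reads a command sequence like the one above, computes the inactivity window (mac-age-time plus authenticated-mac-age-time) for each Web Authentication VLAN, and checks the ranges and defaults stated in this section. The function name, the report layout, and the VLAN 40 sample are assumptions made for illustration.

```python
import re

MAC_AGE_DEFAULT = 300        # default mac-age-time stated in the guide
AUTH_MAC_AGE_DEFAULT = 3600  # default authenticated-mac-age-time stated in the guide
TIMER = re.compile(r"(mac-age-time|vlan|reauth-time|authenticated-mac-age-time)\s+(\d+)\b.*")

# Constructed input: the guide's VLAN 23 commands plus a hypothetical VLAN 40.
SAMPLE = """\
device(config)# mac-age-time 600
device(config)# vlan 23
device(config-vlan-23)# webauth
device(config-vlan-23-webauth)# reauth-time 303
device(config-vlan-23-webauth)# authenticated-mac-age-time 300
device(config)# vlan 40
device(config-vlan-40)# webauth
device(config-vlan-40-webauth)# reauth-time 1200
"""

def audit_webauth_timers(config_text):
    """Return {vlan: {"inactivity_window": seconds, "warnings": [...]}} (hypothetical layout)."""
    mac_age, vlans, current = MAC_AGE_DEFAULT, {}, None
    for raw in config_text.splitlines():
        line = re.sub(r"^\S*\)#\s*", "", raw.strip())  # drop a CLI prompt if present
        if line == "webauth" and current is not None:
            current["webauth"] = True
        m = TIMER.fullmatch(line)
        if not m:
            continue
        key, value = m.group(1), int(m.group(2))
        if key == "mac-age-time":
            mac_age = value          # global setting
        elif key == "vlan":
            current = vlans.setdefault(value, {})
        elif current is not None:
            current[key] = value     # per-VLAN webauth timer
    report = {}
    for vid, v in vlans.items():
        if not v.get("webauth"):
            continue                 # only Web Authentication VLANs are audited
        auth_age = v.get("authenticated-mac-age-time", AUTH_MAC_AGE_DEFAULT)
        warnings = []
        if mac_age == 0:
            warnings.append("mac-age-time 0: MAC addresses do not age out due to inactivity")
        elif not 60 <= mac_age <= 600:
            warnings.append("mac-age-time outside 60-600")
        if "reauth-time" in v and auth_age > v["reauth-time"]:
            warnings.append("authenticated-mac-age-time exceeds reauth-time")
        report[vid] = {"inactivity_window": mac_age + auth_age, "warnings": warnings}
    return report
```

Calling audit_webauth_timers(SAMPLE) gives a 900-second window for VLAN 23 and flags VLAN 40, where the default authenticated-mac-age-time of 3600 is larger than the configured reauth-time.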
Defining the web authorization redirect address
When a user enters a valid URL address (one that exists), the user is redirected to a Web
Authentication address and the Welcome page for Web Authentication is displayed. By default, this
Web Authentication address is the IP address of the FastIron switch. You can change this address so
that the address matches the name on the security certificates.
To change the address on a Layer 2 switch, enter a command such as the following at the global
configuration level.
device(config)# webauth-redirect-address my.domain.net
To change the address on a Layer 3 switch, enter a command such as the following at the Web
Authentication VLAN level.
device(config-vlan-10-webauth)# webauth-redirect-address my.domain.net
Entering "my.domain.net" redirects the browser to https://my.domain.net/ when the user enters a valid
URL on the Web browser.
Syntax: [no] webauth-redirect-address string
For string, enter up to 64 alphanumeric characters. You can enter any value for string, but entering the
name on the security certificate prevents the display of error messages saying that the security
certificate does not match the name of the site.
FastIron Ethernet Switch Security Configuration Guide
53-1003088-03