
Clearing authenticated mac addresses – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02

Configuring multi-device port authentication


You can optionally specify an alternate VLAN to which the port is moved when the MAC session for
the address is deleted. For example, to place the port in the restricted VLAN, enter commands such
as the following.

Brocade(config)# interface e 3/1

Brocade(config-if-e100-3/1)# mac-auth move-back-to-old-vlan port-restrict-vlan

Syntax: [no] mac-authentication move-back-to-old-vlan disable | port-configured-vlan | port-restrict-vlan | system-default-vlan

The disable keyword disables moving the port back to its original VLAN. The port would stay in its
RADIUS-assigned VLAN.

The port-configured-vlan keyword removes the port from its RADIUS-assigned VLAN and places it
back in the VLAN where it was originally assigned. This is the default.

The port-restrict-vlan keyword removes the port from its RADIUS-assigned VLAN and places it in the
restricted VLAN.

The system-default-vlan keyword removes the port from its RADIUS-assigned VLAN and places it in
the DEFAULT-VLAN.
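
The following Python script is an added example, not part of the Brocade guide. It audits saved configuration text and reports, for each interface, which move-back-to-old-vlan keyword applies, flagging ports set to disable because they stay in the RADIUS-assigned VLAN after the MAC session is deleted. The configuration layout (interface stanzas separated by `!`), the sample text, and the function names are assumptions made for illustration.

```python
import re

# Keywords and default taken from the syntax description above.
KEYWORDS = {"disable", "port-configured-vlan", "port-restrict-vlan", "system-default-vlan"}
DEFAULT = "port-configured-vlan"

# Constructed sample; the exact running-config layout is an assumption.
SAMPLE_CONFIG = """\
mac-authentication save-dynamicvlan-to-config
!
interface ethernet 3/1
 mac-authentication move-back-to-old-vlan port-restrict-vlan
!
interface ethernet 3/2
 mac-authentication move-back-to-old-vlan disable
!
interface ethernet 3/3
 port-name uplink
!
"""

def audit_move_back(config_text):
    """Return {interface: keyword} for every interface stanza in config_text."""
    result, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+e\S*\s+(\d+/\d+)$", line)
        if m:
            current = m.group(1)
            result[current] = DEFAULT  # no explicit line means the default applies
            continue
        if line == "!" or not line:
            current = None  # end of the interface stanza
            continue
        m = re.match(r"mac-auth\S*\s+move-back-to-old-vlan\s+(\S+)$", line)
        if m and current:
            if m.group(1) not in KEYWORDS:
                raise ValueError(f"unknown keyword on {current}: {m.group(1)}")
            result[current] = m.group(1)
    return result

def findings(config_text):
    """Interfaces whose port stays in the RADIUS-assigned VLAN after session deletion."""
    return sorted(p for p, k in audit_move_back(config_text).items() if k == "disable")

if __name__ == "__main__":
    for port, keyword in audit_move_back(SAMPLE_CONFIG).items():
        print(port, keyword)
    print("stays in RADIUS VLAN:", findings(SAMPLE_CONFIG))
```
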

Saving dynamic VLAN assignments to the running configuration file

You can configure the device to save the RADIUS-specified VLAN assignments to the device's
running configuration file. To do this, enter the following command.

Brocade(config)# mac-authentication save-dynamicvlan-to-config

Syntax: [no] mac-authentication save-dynamicvlan-to-config

By default, the dynamic VLAN assignments are not saved to the running configuration file. Entering
the show running-config command does not display dynamic VLAN assignments, although they can
be displayed with the show vlan and show auth-mac-address detail commands.

Clearing authenticated MAC addresses

The Brocade router maintains an internal table of the authenticated MAC addresses (viewable with
the show authenticated-mac-address command). You can clear the contents of the authenticated
MAC address table either entirely, or just for the entries learned on a specified interface. In
addition, you can clear the MAC session for an address learned on a specific interface.

To clear the entire contents of the authenticated MAC address table, enter the following command.

Brocade(config)# clear auth-mac-table

Syntax: clear auth-mac-table

To clear the authenticated MAC address table of entries learned on a specified interface, enter a
command such as the following.

Brocade(config)# clear auth-mac-table e 3/1

Syntax: clear auth-mac-table slot/portnum

To clear the MAC session for an address learned on a specific interface, enter commands such as
the following.

Brocade(config)# interface e 3/1

Brocade(config-if-e100-3/1)# mac-authentication clear-mac-session 00e0.1234.abd4