Clearing authenticated mac addresses, Disabling aging for authenticated mac addresses – Brocade TurboIron 24X Series Configuration Guide User Manual

Brocade TurboIron 24X Series Configuration Guide

1011

53-1003053-01

Configuring multi-device port authentication

TurboIron(config)#interface e 1

TurboIron(config-if-e10000-1)#mac-authentication dos-protection enable

ITo specify a maximum rate for RADIUS authentication attempts, enter commands such as the
following.

TurboIron(config)#interface e 1

TurboIron(config-if-e10000-1)#mac-authentication dos-protection mac-limit 256

Syntax: [no] mac-authentication dos-protection mac-limit <number>

You can specify a rate from 1 – 65535 authentication attempts per second. The default is a rate of
512 authentication attempts per second.

Clearing authenticated MAC addresses

The device maintains an internal table of the authenticated MAC addresses (viewable with the
show authenticated-mac-address command). You can clear the contents of the authenticated MAC
address table either entirely, or just for the entries learned on a specified interface. In addition,
you can clear the MAC session for an address learned on a specific interface.

To clear the entire contents of the authenticated MAC address table, enter the following command.

TurboIron#clear auth-mac-table

Syntax: clear auth-mac-table

To clear the authenticated MAC address table of entries learned on a specified interface, enter a
command such as the following.

TurboIron#clear auth-mac-table e1

Syntax: clear auth-mac-table >

The > parameter is a valid port number.

To clear the MAC session for an address learned on a specific interface, enter commands such as
the following.

TurboIron(config)#interface e 1

TurboIron(config-if-e10000-1)#mac-authentication clear-mac-session 0000.0034.abd4

Syntax: mac-authentication clear-mac-session <mac-address>

This command removes the Layer 2 CAM entry created for the specified MAC address. If the device
receives traffic from the MAC address again, the MAC address is authenticated again.

Disabling aging for authenticated MAC addresses

MAC addresses that have been authenticated or denied by a RADIUS server are aged out if no
traffic is received from the MAC address for a certain period of time:

•

Authenticated MAC addresses or non-authenticated MAC addresses that have been placed in
the restricted VLAN are aged out if no traffic is received from the MAC address over the device
normal MAC aging interval.

•

Non-authenticated MAC addresses that are blocked by the device are aged out if no traffic is
received from the address over a fixed hardware aging period (70 seconds), plus a
configurable software aging period. (Refer to the next section for more information on
configuring the software aging period).