Configuration Guide User guide
1866 FastIron Configuration Guide
53-1002494-02
Multi-device port authentication configuration
Clearing authenticated MAC addresses
The Brocade device maintains an internal table of the authenticated MAC addresses (viewable with
the show authenticated-mac-address command). You can clear the contents of the authenticated
MAC address table either entirely, or just for the entries learned on a specified interface. In
addition, you can clear the MAC session for an address learned on a specific interface.
To clear the entire contents of the authenticated MAC address table, enter the clear auth-mac-table
command.
Brocade#clear auth-mac-table
Syntax: clear auth-mac-table
To clear the authenticated MAC address table of entries learned on a specified interface, enter a
command such as the following.
Brocade#clear auth-mac-table e 3/1
Syntax: clear auth-mac-table ethernet <port>
Specify the port variable in one of the following formats:
• FWS, FCX, and ICX stackable switches – stack-unit/slotnum/portnum
• FSX 800 and FSX 1600 chassis devices – slotnum/portnum
• ICX devices – slotnum/portnum
• FESX compact switches – portnum
To clear the MAC session for an address learned on a specific interface, enter commands such as
the following.
Brocade(config)#interface e 3/1
Brocade(config-if-e1000-3/1)#mac-authentication clear-mac-session 00e0.1234.abd4
Syntax: mac-authentication clear-mac-session <mac-address>
This command removes the Layer 2 CAM entry created for the specified MAC address. If the
Brocade device receives traffic from the MAC address again, the MAC address is authenticated
again.
NOTE
In a configuration with multi-device port authentication and 802.1X authentication on the same
port, the mac-authentication clear-mac-session command will clear the MAC session, as well as its
respective 802.1X session, if it exists.
Disabling aging for authenticated MAC addresses
MAC addresses that have been authenticated or denied by a RADIUS server are aged out if no
traffic is received from the MAC address for a certain period of time:
• Authenticated MAC addresses or non-authenticated MAC addresses that have been placed in
the restricted VLAN are aged out if no traffic is received from the MAC address over the device
normal MAC aging interval.
• Non-authenticated MAC addresses that are blocked by the device are aged out if no traffic is
received from the address over a fixed hardware aging period (70 seconds), plus a
configurable software aging period. (Refer to the next section for more information on
configuring the software aging period).