Configuration Guide User guide

FastIron Configuration Guide 1897
53-1002494-02
Web authentication mode configuration
Enabling passcode authentication
To enable passcode authentication, enter the following command.
Brocade(config-vlan-10-webauth)#auth-mode passcode
This command enables Web Authentication to use dynamically-created passcodes to authenticate
users in the VLAN. If the configuration includes static passcodes, they are used in conjunction with
dynamically-created passcodes.
Syntax: [no] auth-mode passcode
Enter no auth-mode passcode to disable passcode authentication.
Configuring the length of dynamically-generated passcodes
By default, dynamically-generated passcodes are 4 digits in length, for example, 0123. If desired,
you can increase the passcode length to up to 16 digits. To do so, enter a command such as the
following at the Web Authentication level of the CLI.
Brocade(config-vlan-10-webauth)#auth-mode passcode length 10
The next dynamically-created passcode will be 10 digits in length, for example, 0123456789.
Syntax: auth-mode passcode length <value>
For <value>, enter a number from 4 to 16.
Configuring the passcode refresh method
Passcode authentication supports two passcode refresh methods:
• Duration of time – By default, dynamically-created passcodes are refreshed every 1440
  minutes (24 hours). When refreshed, a new passcode is generated and the old passcode
  expires. You can increase or decrease the duration of time after which passcodes are
  refreshed, or you can configure the device to refresh passcodes at a certain time of day
  instead of after a duration of time.
• Time of day – When initially enabled, the time of day method will cause passcodes to be
  refreshed at 0:00 (12:00 midnight). If desired, you can change this time of day, and you can
  add up to 24 refresh periods in a 24-hour period.
When a passcode is refreshed, the old passcode will no longer work, unless a grace period is
configured (refer to “Configuring a grace period for an expired passcode” on page 1898).
If a user changes the passcode refresh value, the configuration is immediately applied to the
current passcode. For example, if the passcode duration is 100 minutes and the passcode was
last generated 60 minutes prior, a new passcode will be generated in 40 minutes. However, if the
passcode duration is changed from 100 to 75 minutes, and the passcode was last generated 60
minutes prior, a new passcode will be generated in 15 minutes. Similarly, if the passcode duration
is changed from 100 to 50 minutes, and the passcode was last generated 60 minutes prior, the
passcode will immediately expire and a new passcode will be generated. The same principles
apply to the time of day passcode refresh method.
If you configure both duration of time and time of day passcode refresh values, they are saved to
the configuration file. You can switch back and forth between the passcode refresh methods, but
only one method can be enabled at a time.
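The refresh arithmetic described above, worked through as an added example (not part of the original guide and not Brocade's implementation). The function names and the sample timestamps are assumptions made for illustration, and the time of day handling is one reading of "the same principles apply": the current passcode is re-evaluated against the first configured refresh time after it was generated.

```python
from datetime import datetime, time, timedelta

def due_by_duration(last_generated, duration_min):
    """Instant at which a passcode generated at last_generated is refreshed."""
    if duration_min <= 0:
        raise ValueError("duration must be a positive number of minutes")
    return last_generated + timedelta(minutes=duration_min)

def due_by_time_of_day(last_generated, refresh_times):
    """First configured time of day that falls strictly after last_generated."""
    if not 1 <= len(refresh_times) <= 24:
        raise ValueError("between 1 and 24 refresh periods per 24 hours")
    day = last_generated.date()
    # Today's refresh times followed by tomorrow's, in chronological order.
    candidates = [datetime.combine(day + timedelta(days=d), t)
                  for d in (0, 1) for t in sorted(set(refresh_times))]
    return next(c for c in candidates if c > last_generated)

def minutes_until_refresh(due, now):
    """Minutes left on the current passcode; 0 means it expires immediately."""
    return max(0, int((due - now).total_seconds() // 60))

def remaining_after_change(last_generated, now, *, duration_min=None,
                           refresh_times=None):
    """Re-evaluate the current passcode against a newly applied refresh setting.
    Only one refresh method can be enabled at a time."""
    if (duration_min is None) == (refresh_times is None):
        raise ValueError("exactly one refresh method must be enabled")
    if duration_min is not None:
        due = due_by_duration(last_generated, duration_min)
    else:
        due = due_by_time_of_day(last_generated, refresh_times)
    return minutes_until_refresh(due, now)

# Constructed sample: the current passcode was generated 60 minutes ago.
NOW = datetime(2024, 1, 1, 10, 0)
LAST = NOW - timedelta(minutes=60)

if __name__ == "__main__":
    for minutes in (100, 75, 50):   # the three cases from the text
        print(minutes, remaining_after_change(LAST, NOW, duration_min=minutes))
    print(remaining_after_change(LAST, NOW, refresh_times=[time(0, 0), time(12, 0)]))
```

A result of 0 marks the point at which the old passcode stops working unless a grace period is configured.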