1906 FastIron Configuration Guide
53-1002494-02
Web authentication options configuration
Forcing re-authentication after an inactive period
You can force Web Authenticated hosts to be re-authenticated if they have been inactive for a
period of time. The inactive duration is calculated by adding the mac-age-time that has been
configured for the device and the configured authenticated-mac-age-time. (The mac-age-time
command defines how long a port address remains active in the address table.) If the
authenticated host is inactive for the sum of these two values, the host is forced to be
re-authenticated.
To force authenticated hosts to re-authenticate after a period of inactivity, enter commands such as
the following.
Brocade(config)#mac-age-time 600
Brocade(config)#vlan 23
Brocade(config-vlan-23)#webauth
Brocade(config-vlan-23-webauth)#reauth-time 303
Brocade(config-vlan-23-webauth)#authenticated-mac-age-time 300
Syntax: [no] authenticated-mac-age-time <seconds>
You can enter a value from 0 to the value entered for reauth-time. The default is 3600.
Refer to “Changing the MAC age time and disabling MAC address learning” on page 560 for details
on the mac-age-time command. The default mac-age-time is 300 seconds and can be configured
to be between 60 and 600 on the FastIron switch. If it is configured to be 0, then the MAC address
does not age out due to inactivity.
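The following is an added example, not part of the Brocade guide: a small audit script that reads the commands as they are typed in this section, checks them against the ranges stated above, and computes the resulting inactive period. The function name audit_webauth_timers and the choice to report no inactive period when mac-age-time is 0 are assumptions of this example.

```python
import re

# Defaults and ranges as stated in this section of the guide.
DEFAULT_MAC_AGE = 300
DEFAULT_AUTH_MAC_AGE = 3600
KEYS = ("mac-age-time", "reauth-time", "authenticated-mac-age-time")
PROMPT = re.compile(r"^[^\s(]+\(config[^)]*\)#?\s*")  # strips "Brocade(config-...)#"

# The command sequence shown in this section.
PAGE_EXAMPLE = """\
Brocade(config)#mac-age-time 600
Brocade(config)#vlan 23
Brocade(config-vlan-23)#webauth
Brocade(config-vlan-23-webauth)#reauth-time 303
Brocade(config-vlan-23-webauth)#authenticated-mac-age-time 300
"""

def audit_webauth_timers(cli_text):
    """Return (inactive_period_seconds or None, findings) for one webauth VLAN."""
    values = {}
    for line in cli_text.splitlines():
        words = PROMPT.sub("", line.strip()).split()
        # "no ..." forms have three words and are skipped, so defaults apply.
        if len(words) == 2 and words[0] in KEYS and words[1].isdigit():
            values[words[0]] = int(words[1])

    mac_age = values.get("mac-age-time", DEFAULT_MAC_AGE)
    auth_age = values.get("authenticated-mac-age-time", DEFAULT_AUTH_MAC_AGE)
    findings = []
    if mac_age != 0 and not 60 <= mac_age <= 600:
        findings.append(f"mac-age-time {mac_age} is outside 60-600 (or 0)")
    # Upper bound is checked only when both values are explicitly configured.
    if "authenticated-mac-age-time" in values and "reauth-time" in values:
        if auth_age > values["reauth-time"]:
            findings.append(f"authenticated-mac-age-time {auth_age} exceeds "
                            f"reauth-time {values['reauth-time']}")
    if mac_age == 0:
        # Assumption of this example: with no MAC aging, report no inactive period.
        findings.append("mac-age-time 0: MAC addresses do not age out due to inactivity")
        return None, findings
    return mac_age + auth_age, findings

if __name__ == "__main__":
    print(audit_webauth_timers(PAGE_EXAMPLE))
```

For the commands shown in this section the inactive period is 600 + 300 = 900 seconds.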
Defining the web authorization redirect address
When a user enters a valid URL address (one that exists), the user is redirected to a Web
Authentication address and the Welcome page for Web Authentication is displayed. By default, this
Web Authentication address is the IP address of the FastIron switch. You can change this address
so that the address matches the name on the security certificates.
To change the address on a Layer 2 switch, enter a command such as the following at the global
configuration level.
Brocade(config)#webauth-redirect-address my.domain.net
To change the address on a Layer 3 switch, enter a command such as the following at the Web
Authentication VLAN level.
Brocade(config-vlan-10-webauth)#webauth-redirect-address my.domain.net
Entering "my.domain.net" redirects the browser to https://my.domain.net/ when the user enters a
valid URL on the Web browser.
Syntax: [no] webauth-redirect-address <string>
For <string>, enter up to 64 alphanumeric characters. You can enter any value for <string>, but
entering the name on the security certificate prevents the display of error messages saying that the
security certificate does not match the name of the site.
Deleting a web authentication VLAN
To delete a Web Authentication VLAN, enter the following commands: