Configuring a grace period for an expired passcode, Disabling and re-enabling passcode logging – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 302


hh:mm is the hour and minutes. If you do not enter a value for hh:mm, by default, passcodes will be
refreshed at 00:00 (12:00 midnight). You can configure up to 24 refresh times. Each must be at least
five minutes apart.

Enter the no form of the command to remove the passcode refresh time of day.

Resetting the passcode refresh time of day configuration

If the FastIron switch is configured to refresh passcodes several times during the day (time of day
configuration), you can use the following command to delete all of the configured times and revert
to the default time of 00:00 (12 midnight).

device(config-vlan-10-webauth)# auth-mode passcode refresh-type time delete-all

Syntax: auth-mode passcode refresh-type time delete-all

Configuring a grace period for an expired passcode

You can optionally configure a grace period for an expired passcode. The grace period is the period of
time that a passcode will remain valid, even after a new passcode is generated. For example, if a five
minute grace period is set and the passcode 1234 is refreshed to 5678, both passcodes will be valid
for five minutes, after which the 1234 passcode will expire and the 5678 passcode will remain in effect.

To configure the grace period for an expired passcode, enter a command such as the following.

device(config-vlan-10-webauth)# auth-mode passcode grace-period 5

Syntax: auth-mode passcode grace-period value

value is a number between 0 and 5 minutes. 0 means there is no grace period.

NOTE
If the grace period is re-configured while a passcode is already in the grace period, the passcode is
not affected by the configuration change. The new grace period will apply only to passcodes that
expire after the new grace period is set.

Flushing all expired passcodes that are in the grace period

You can delete old passcodes that have expired but are still valid because they are in the grace
period. This feature is useful in situations where the old passcodes have been compromised but are
still valid because of the grace period. This feature does not affect current valid passcodes or
passcodes that newly expire.

To flush out all expired passcodes that are currently in the grace period, enter the following command.

device(config-vlan-10-webauth)# auth-mode passcode flush-expired

Syntax: auth-mode passcode flush-expired
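
The following Python model is an added illustration, not FastIron code or part of the original guide. It walks through the grace-period and flush rules described above on a constructed timeline measured in minutes. The class and method names are hypothetical, and treating the end of the grace period as exclusive is an assumption.

```python
# Added illustration: a model of the documented grace-period rules,
# not FastIron code. Class and method names are hypothetical.
class PasscodeModel:
    def __init__(self, passcode, grace_min=0):
        self.current = passcode
        self.in_grace = {}  # expired passcode -> minute at which it stops working
        self.grace_min = 0
        self.set_grace(grace_min)

    def set_grace(self, minutes):
        # The guide allows 0 to 5 minutes (0 = no grace period). Passcodes
        # already in the grace period keep the deadline fixed when they expired.
        if not 0 <= minutes <= 5:
            raise ValueError("grace period must be 0 to 5 minutes")
        self.grace_min = minutes

    def refresh(self, new_passcode, now):
        # The old passcode expires now but stays valid for the grace period
        # that is configured at this moment.
        if self.grace_min > 0:
            self.in_grace[self.current] = now + self.grace_min
        self.current = new_passcode

    def flush_expired(self):
        # Models "auth-mode passcode flush-expired": drop every passcode that
        # is in the grace period; the current passcode is untouched.
        self.in_grace.clear()

    def is_valid(self, passcode, now):
        if passcode == self.current:
            return True
        deadline = self.in_grace.get(passcode)
        return deadline is not None and now < deadline  # assumed exclusive end


def demo():
    # Constructed timeline, starting from the guide's 1234 -> 5678 example.
    m = PasscodeModel("1234", grace_min=5)
    m.refresh("5678", now=0)
    results = [m.is_valid("1234", now=4)]      # old passcode still accepted
    m.set_grace(1)                             # reconfigure while 1234 is in grace
    results.append(m.is_valid("1234", now=4))  # unaffected by the change
    results.append(m.is_valid("1234", now=6))  # original 5-minute window is over
    m.set_grace(5)
    m.refresh("9012", now=10)
    m.flush_expired()                          # 5678 is treated as compromised
    results.append(m.is_valid("5678", now=11)) # rejected despite the grace period
    results.append(m.is_valid("9012", now=11)) # current passcode unaffected
    return results
```

Calling demo() returns the acceptance decision at each step; the fourth entry shows that flushing closes the window in which a compromised old passcode would otherwise still be accepted.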

Disabling and re-enabling passcode logging

The software generates a Syslog message and SNMP trap message every time a new passcode is
generated and passcode authentication is attempted. This is the default behavior. If desired, you can
disable passcode-related Syslog messages or SNMP trap messages, or both.


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03
