Clearing authenticated mac addresses – Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Page 267

Advertising
background image

Brocade ICX 6650 Security Configuration Guide

247

53-1002601-01

Multi-device port authentication configuration

The MAC-to-IP mapping is checked against the Static ARP Inspection table or the DHCP Secure
table.

The Source Guard ACL entry is not written to the running configuration file. However, you can view
the configuration using the show auth-mac-addresses authorized-mac ip-addr. Refer to

“Viewing

the assigned ACL for ports on which source guard protection is enabled”

in the following section.

NOTE

The secure MAC-to-IP mapping is assigned at the time of authentication and remains in effect as
long as the MAC session is active. If the DHCP Secure table is updated after the session is
authenticated and while the session is still active, it does not affect the existing MAC session.

The Source Guard ACL permit entry is removed when the MAC session expires or is cleared.

To enable Source Guard Protection on a port on which multi-device port authentication is enabled,
enter the following command at the Interface level of the CLI.

Brocade(config)# interface ethernet 1/1/4
Brocade(config-if-e10000-1/1/4)# mac-authentication source-guard-protection
enable

Syntax: [no] mac-authentication source-guard-protection enable

Enter the no form of the command to disable SG protection.

Viewing the assigned ACL for ports on which source guard protection is enabled

Use the following command to view whether a Source Guard ACL or dynamic ACL is applied to ports
on which Source Guard Protection is enabled.

In the above output, for port 1/1/2, Source Guard Protection is enabled and the Source Guard ACL
is applied to the MAC session, as indicated by SG in the ACL column. For port 1/1/3, Source Guard
Protection is also enabled, but in this instance, a dynamic ACL (103) is applied to the MAC session.

Clearing authenticated MAC addresses

The Brocade device maintains an internal table of the authenticated MAC addresses (viewable with
the show authenticated-mac-address command). You can clear the contents of the authenticated
MAC address table either entirely, or just for the entries learned on a specified interface. In
addition, you can clear the MAC session for an address learned on a specific interface.

To clear the entire contents of the authenticated MAC address table, enter the clear auth-mac-table
command.

Brocade# clear auth-mac-table

Syntax: clear auth-mac-table

Brocade(config)# show auth-mac-addresses authorized-mac ip-addr
-------------------------------------------------------------------------------
MAC Address SourceIp Port Vlan Auth Age ACL dot1x
-------------------------------------------------------------------------------
0000.0010.2000 200.1.17.5 1/1/2 171 Yes Dis SG Ena
0000.0010.2001 200.1.17.6 1/1/3 171 Yes Dis 103 Ena

Advertising
Popular Brands
Popular manuals