Forcing re-authentication after an inactive period

You can force Web Authentication hosts to be re-authenticated if they have been inactive for a period of time. The inactive duration is calculated by adding the mac-age-time that has been configured for the device and the configured authenticated-mac-age-time. (The mac-age-time command defines how long a port address remains active in the address table.) If the authenticated host is inactive for the sum of these two values, the host is forced to be re-authenticated.

To force authenticated hosts to re-authenticate after a period of inactivity, enter commands such as the following. 

device(config)# mac-age-time 600
device(config)# vlan 23
device(config-vlan-23)# webauth
device(config-vlan-23-webauth)# reauth-time 303
device(config-vlan-23-webauth)# authenticated-mac-age-time 300

In the authenticated-mac-age-time command, you can specify a value from 0 through the value entered for the reauth-time command. The default is 3600.

Refer to "Changing the MAC age time and disabling MAC address learning" section in the Brocade FastIron Layer 2 Switching Configuration Guide for details on the mac-age-time command. The default value for the mac-age-time command is 300 seconds and can be configured to be 0 or a value between 60 and 600 on the FastIron switch. If it is configured to be 0, then the MAC address does not age out due to inactivity.

Parent topic: Web Authentication options configuration