User Guide

OmniAccess SafeGuard OS Administration Guide
Chapter 6: Configuring Authentication and Role Derivation
device. When traffic arrives in other directions, it is not examined. To enable port
checking, use the following Global Configuration command:
aaa session-tracking do-port-check
Verify the setting of the port check using the show aaa debug command in Global
Configuration mode.
To disable checking of the ingress interface, use the no version of the command:
no aaa session-tracking do-port-check
This command has no options or parameters.
Enabling Safe Mode
Under some circumstances, such as an SMB mount, the protocol traffic is identical to a
login. To avoid the false login failures this causes, run in safe mode. When safe mode is enabled,
failed logins are ignored. Safe mode is also useful when users enter incorrect passwords
to unlock their stations and there are processes running that require network
connectivity. If safe mode is disabled, the user becomes unauthenticated on the device
with the first login failure.
Safe mode is enabled by default. If it has been disabled, use the aaa session-tracking safe-mode
command in Global Configuration mode to enable it.
aaa session-tracking safe-mode
This command has no options or parameters. Verify the setting of safe mode using the
show aaa debug command in Global Configuration mode.
Disabling Safe Mode
To reset safe mode to the default setting, use the no version of the command:
no aaa session-tracking safe-mode
This command has no options or parameters.
Displaying PDU Counters
To see various PDU counters for passive authentication, use the show aaa debug command in
Global Configuration mode.
show aaa debug
SECURITY: Disabling port checking is not recommended. When it is disabled,
users can replay previously successful login attempts and appear as
authenticated on the device.
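
An added example, not from the guide: a Python check over a saved configuration that reports the effective state of the two session-tracking commands described above. It assumes the configuration is available as text with one command per line, that `!` starts a comment, and that a later line overrides an earlier one; the sample input is constructed.

```python
# Commands documented on this page; the "no" prefix negates each one.
PORT_CHECK = "aaa session-tracking do-port-check"
SAFE_MODE = "aaa session-tracking safe-mode"

# Constructed sample of a saved configuration (assumed one command per line).
SAMPLE_CONFIG = """\
! constructed sample, not output from a real device
aaa session-tracking do-port-check
aaa session-tracking safe-mode
no aaa session-tracking do-port-check
"""

def effective_settings(config_text):
    """Return {command: True/False/None}; None means the command never appears."""
    state = {PORT_CHECK: None, SAFE_MODE: None}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())            # collapse runs of whitespace
        if not line or line.startswith("!"):    # assumption: '!' marks a comment
            continue
        negated = line.startswith("no ")
        command = line[3:] if negated else line
        if command in state:
            state[command] = not negated        # assumption: the last line wins
    return state

def audit(config_text):
    """Return findings that follow from the guidance on this page."""
    state = effective_settings(config_text)
    findings = []
    if state[PORT_CHECK] is False:
        findings.append("port check disabled: replayed logins can appear authenticated")
    elif state[PORT_CHECK] is None:
        findings.append("port check not set explicitly: confirm with 'show aaa debug'")
    # Safe mode is enabled by default, so only an explicit "no" form disables it.
    if state[SAFE_MODE] is False:
        findings.append("safe mode disabled: first login failure de-authenticates the user")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```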