request services user-identification authentication-table delete
Syntax
request services user-identification authentication-table delete (ip-address ip-address | authentication-source (all | active-directory | authentication-source (domain domain-name | group group-name |user user-name) )
Description
Delete entries from the ClearPass authentication table based on the IP address of the user’s device, or on the authentication source and the name of a domain, a group, or a user. When only the authentication source is specified, the entire ClearPass authentication table is deleted. For the integrated ClearPass authentication and enforcement feature, the authentication source is always aruba-clearpass.
Options
| ip-address | Deletes a user authentication entry from the ClearPass authentication table, and the Active Directory (AD) table, based on the IP address of the user’s device. Note:
Starting with Junos OS Release 15.1X49-D130, SRX Series device supports to delete IPv6 addresses if IPv6 addresses were configured. |
||||||
| authentication-source | Deletes user entries from the ClearPass authentication table. In the CLI, ClearPass as the authentication source is referred to by the value aruba-clearpass as is the ClearPass authentication table. To identify the user entries to be deleted, you specify a domain, a group, or a username.
|
Required Privilege Level
maintenance
Output Fields
The following examples cover how to delete various user entries from the ClearPass authentication table based on the specified parameter. It also shows how to check to ensure that the user entries were deleted successfully.
Sample Output
- request services user-identification authentication-table delete ip-address
- request services user-identification authentication-table delete authentication-source aruba-clearpass domain
- request services user-identification authentication-table delete authentication-source aruba-clearpass group
- request services user-identification authentication-table delete authentication-source aruba-clearpass
request services user-identification authentication-table delete ip-address
The following command deletes the entry for the user whose device IP address is specified. user@host> request services user-identification authentication-table delete ip-address 50.0.0.1 user@host> request services user-identification authentication-table delete ip-address 2001:db8:4136:e378:8000:63bf:3fff:fdd2
Before you delete the entry:
To ensure that the entry exists in the ClearPass authentication table, use the following command to display the entry for the user. Note that the ClearPass authentication table includes the user entry with the IP address 50.0.0.1 and 2001:db8:4136:e378:8000:63bf:3fff:fdd2.
user@host> show services user-identification authentication-table ip-address 50.0.0.1
Domain: GLOBAL
Source-ip: 50.0.0.1
Username: guest1
Groups:posture-healthy, guest, [user authenticated]
State: Valid
Source: Aruba ClearPass
Access start date: 2015-12-14
Access start time: 17:07:23
Last updated timestamp: 2015-12-22 05:50:47
Age time: 0
user@host> show services user-identification authentication-table ip-address 2001:db8:4136:e378:8000:63bf:3fff:fdd2
Domain: GLOBAL
Source-ip: 2001:db8:4136:e378:8000:63bf:3fff:fdd2
Username: guest2
Groups:posture-healthy1, guest, [user authenticated]
State: Valid
Source: Aruba ClearPass
Access start date: 2015-12-14
Access start time: 17:07:23
Last updated timestamp: 2015-12-22 05:50:47
Age time: 0
After you delete the user entry associated with the IP address, enter the command again to verify that the entry has been deleted.
user@host> show services user-identification authentication-table ip-address 50.0.0.1 warning: “This IP address isn’t in authentication table.” user@host> show services user-identification authentication-table ip-address 2001:db8:4136:e378:8000:63bf:3fff:fdd2 warning: “This IP address isn’t in authentication table.”
request services user-identification authentication-table delete authentication-source aruba-clearpass domain
The following command deletes the specified domain. user@host> request services user-identification authentication-table delete authentication-source domain global
Before you delete the domain contents from the ClearPass authentication table, use the following command to display the domain information to ensure that it exists. Note that the ClearPass authentication table includes the global domain.
user@host> show services user-identification authentication-table authentication-source aruba-clearpass domain global extensive
Domain: GLOBAL
Total entries: 6
Source-ip: 10.0.0.1
Username: viki2
Groups:posture-healthy, accounting-grp, accounting-grp-and-company-device,
corporate-limited, [user authenticated]
Groups referenced by policy:accounting-grp-and-company-device
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:20:30
Last updated timestamp: 2015-12-22 04:02:48
Age time: 0
Source-ip: 20.0.0.1
Username: abew1
Groups:posture-unknown, marketing-access-limited-grp, [user authenticated]
Groups referenced by policy:marketing-access-limited-grp
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:31:40
Last updated timestamp: 2015-12-22 04:18:48
Age time: 0
Source-ip: 30.0.0.1
Username: jxchan
Groups:posture-healthy, marketing-access-for-pcs-limited-group,
marketing-general, sales-limited, corporate-limited, [user authenticated]
Groups referenced by policy:marketing-access-for-pcs-limited-group
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:22:48
Last updated timestamp: 2015-12-22 05:46:21
Age time: 0
Source-ip: 40.0.0.1
Username: lchen1
Groups:posture-healthy, human-resources-grp, accounting-limited,
corporate-limited, [user authenticated]
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:21:37
Last updated timestamp: 2015-12-22 05:41:18
Age time: 0
Source-ip: 50.0.0.1
Username: guest1
Groups:posture-healthy, guest, [user authenticated]
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:23:10
Last updated timestamp: 2015-12-22 05:50:47
Age time: 0
Source-ip: 50.0.0.2
Username: guest2
Groups:posture-healthy, guest-device-byod, [user authenticated]
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:23:21
Last updated timestamp: 2015-12-22 05:52:44
Age time: 0
After you delete the domain, use the command again to verify that the domain and its user members was deleted.
user@host> show services user-identification authentication-table authentication-source aruba-clearpass domain global warning: "There is no related auth entry in authentication-table."
request services user-identification authentication-table delete authentication-source aruba-clearpass group
The following command deletes the entries for any users who belong to the group posture-healthy.
user@host> request services user-identification authentication-table delete authentication-source aruba-clearpass group posture-healthy
Before you delete the group contents from the ClearPass authentication table, use the following command to display it to ensure that the group is used in some user entries. Notice that the appropriate user entries contain the posture-healthy group.
Domain: GLOBAL
Total entries: 6
Source-ip: 10.0.0.1
Username: viki2
Groups:posture-healthy, accounting-grp, accounting-grp-and-company-device,
corporate-limited, [user authenticated]
Groups referenced by policy:accounting-grp-and-company-device
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:20:30
Last updated timestamp: 2015-12-22 04:02:48
Age time: 0
Source-ip: 20.0.0.1
Username: abew1
Groups:posture-unknown, marketing-access-limited-grp, [user authenticated]
Groups referenced by policy:marketing-access-limited-grp
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:31:40
Last updated timestamp: 2015-12-22 04:18:48
Age time: 0
Source-ip: 30.0.0.1
Username: jxchan
Groups:posture-healthy, marketing-access-for-pcs-limited-group,
marketing-general, sales-limited, corporate-limited, [user authenticated]
Groups referenced by policy:marketing-access-for-pcs-limited-group
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:22:48
Last updated timestamp: 2015-12-22 05:46:21
Age time: 0
Source-ip: 40.0.0.1
Username: lchen1
Groups:posture-healthy, human-resources-grp, accounting-limited,
corporate-limited, [user authenticated]
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:21:37
Last updated timestamp: 2015-12-22 05:41:18
Age time: 0
Source-ip: 50.0.0.1
Username: guest1
Groups:posture-healthy, guest, [user authenticated]
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:23:10
Last updated timestamp: 2015-12-22 05:50:47
Age time: 0
Source-ip: 50.0.0.2
Username: guest2
Groups:posture-healthy, guest-device-byod, [user authenticated]
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:23:21
Last updated timestamp: 2015-12-22 05:52:44
Age time: 0
Enter the show services user-identification authentication-table authentication-source aruba-clearpass group posture-healthy to display the entries for the users who belong to the group posture-healthy.
Notice that the group name does not show up in the column for groups referenced by policy because it is not one. Notice, too, that the output contains information for only those users who belong to the group. It does not include an entry for the user abew1, who does not belong to the group.
Domain: GLOBAL Source IP Username groups(Ref by policy) state 10.0.0.1 viki2 accounting-grp-and-company-dev Valid 30.0.0.1 jxchan marketing-access-for-pcs-limit Valid 40.0.0.1 lchen1 corporate-limited Valid 50.0.0.1 guest1 Valid 50.0.0.2 guest2 Valid
After you delete the group, use the command again to verify that it has been deleted.
user@host> show services user-identification authentication-table authentication-source aruba-clearpass group posture-healthy warning: "There is no related auth entry in authentication-table."
For further verification, you can use the following command to check the entry for one of the users who belonged to the group:
user@host> show services user-identification authentication-table authentication-source aruba-clearpass user viki2 warning: "There is no related auth entry in authentication-table."
request services user-identification authentication-table delete authentication-source aruba-clearpass
The following command deletes the ClearPass authentication table (aruba-clearpass).
user@host> request services user-identification authentication-table delete authentication-source aruba-clearpass
Before you delete the ClearPass authentication table, use the following command to display it to ensure that the table exists.
user@host> show services user-identification authentication-table authentication-source aruba-clearpass
Domain: GLOBAL
Total entries: 6
Source-ip: 10.0.0.1
Username: viki2
Groups:posture-healthy, accounting-grp, accounting-grp-and-company-device,
corporate-limited, [user authenticated]
Groups referenced by policy:accounting-grp-and-company-device
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:20:30
Last updated timestamp: 2015-12-22 04:02:48
Age time: 0
Source-ip: 20.0.0.1
Username: abew1
Groups:posture-unknown, marketing-access-limited-grp, [user authenticated]
Groups referenced by policy:marketing-access-limited-grp
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:31:40
Last updated timestamp: 2015-12-22 04:18:48
Age time: 0
Source-ip: 30.0.0.1
Username: jxchan
Groups:posture-healthy, marketing-access-for-pcs-limited-group,
marketing-general, sales-limited, corporate-limited, [user authenticated]
Groups referenced by policy:marketing-access-for-pcs-limited-group
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:22:48
Last updated timestamp: 2015-12-22 05:46:21
Age time: 0
Source-ip: 40.0.0.1
Username: lchen1
Groups:posture-healthy, human-resources-grp, accounting-limited,
corporate-limited, [user authenticated]
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:21:37
Last updated timestamp: 2015-12-22 05:41:18
Age time: 0
Source-ip: 50.0.0.1
Username: guest1
Groups:posture-healthy, guest, [user authenticated]
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:23:10
Last updated timestamp: 2015-12-22 05:50:47
Age time: 0
Source-ip: 50.0.0.2
Username: guest2
Groups:posture-healthy, guest-device-byod, [user authenticated]
State: Valid
Source: Aruba ClearPass
Access start date: 2016-03-08
Access start time: 17:23:21
Last updated timestamp: 2015-12-22 05:52:44
Age time: 0
To verify that you deleted the authentication table successfully, enter the command again:
user@host> show services user-identification authentication-table authentication-source aruba-clearpass warning: "There is no authentication-table entry."
Release Information
Command introduced in Junos OS Release 12.3X48-D30.