Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

request services user-identification authentication-table delete

 

Syntax

Release Information

Command introduced in Junos OS Release 12.3X48-D30.

Description

Delete entries from the ClearPass authentication table based on the IP address of the user’s device, or on the authentication source and the name of a domain, a group, or a user. When only the authentication source is specified, the entire ClearPass authentication table is deleted. For the integrated ClearPass authentication and enforcement feature, the authentication source is always aruba-clearpass.

Options

ip-addressDeletes a user authentication entry from the ClearPass authentication table, and the Active Directory (AD) table, based on the IP address of the user’s device.
Note

Starting with Junos OS Release 15.1X49-D130, SRX Series device supports to delete IPv6 addresses if IPv6 addresses were configured.

authentication-source Deletes user entries from the ClearPass authentication table. In the CLI, ClearPass as the authentication source is referred to by the value aruba-clearpass as is the ClearPass authentication table. To identify the user entries to be deleted, you specify a domain, a group, or a username.
domain-nameDeletes from the ClearPass authentication table user entries for users who belong to the specified domain.
group group-nameDeletes the entry entry from the ClearPass authentication table for users who belong to the group, regardless of whether they belong to other groups.
user user-nameDeletes the entry for the specified user from the ClearPass authentication table.

Required Privilege Level

maintenance

List of Sample Output

request services user-identification authentication-table delete ip-address

request services user-identification authentication-table delete authentication-source aruba-clearpass domain

request services user-identification authentication-table delete authentication-source aruba-clearpass group

request services user-identification authentication-table delete authentication-source aruba-clearpass

Output Fields

The following examples cover how to delete various user entries from the ClearPass authentication table based on the specified parameter. It also shows how to check to ensure that the user entries were deleted successfully.

Sample Output

request services user-identification authentication-table delete ip-address

The following command deletes the entry for the user whose device IP address is specified.

user@host> request services user-identification authentication-table delete ip-address 50.0.0.1

user@host> request services user-identification authentication-table delete ip-address 2001:db8:4136:e378:8000:63bf:3fff:fdd2

Before you delete the entry:

To ensure that the entry exists in the ClearPass authentication table, use the following command to display the entry for the user. Note that the ClearPass authentication table includes the user entry with the IP address 50.0.0.1 and 2001:db8:4136:e378:8000:63bf:3fff:fdd2.

user@host> show services user-identification authentication-table ip-address 50.0.0.1
user@host> show services user-identification authentication-table ip-address 2001:db8:4136:e378:8000:63bf:3fff:fdd2

After you delete the user entry associated with the IP address, enter the command again to verify that the entry has been deleted.

user@host> show services user-identification authentication-table ip-address 50.0.0.1
user@host> show services user-identification authentication-table ip-address 2001:db8:4136:e378:8000:63bf:3fff:fdd2

request services user-identification authentication-table delete authentication-source aruba-clearpass domain

The following command deletes the specified domain. user@host> request services user-identification authentication-table delete authentication-source domain global

Before you delete the domain contents from the ClearPass authentication table, use the following command to display the domain information to ensure that it exists. Note that the ClearPass authentication table includes the global domain.

user@host> show services user-identification authentication-table authentication-source aruba-clearpass domain global extensive

After you delete the domain, use the command again to verify that the domain and its user members was deleted.

user@host> show services user-identification authentication-table authentication-source aruba-clearpass domain global

request services user-identification authentication-table delete authentication-source aruba-clearpass group

The following command deletes the entries for any users who belong to the group posture-healthy.

user@host> request services user-identification authentication-table delete authentication-source aruba-clearpass group posture-healthy

Before you delete the group contents from the ClearPass authentication table, use the following command to display it to ensure that the group is used in some user entries. Notice that the appropriate user entries contain the posture-healthy group.

Enter the show services user-identification authentication-table authentication-source aruba-clearpass group posture-healthy to display the entries for the users who belong to the group posture-healthy.

Notice that the group name does not show up in the column for groups referenced by policy because it is not one. Notice, too, that the output contains information for only those users who belong to the group. It does not include an entry for the user abew1, who does not belong to the group.

After you delete the group, use the command again to verify that it has been deleted.

user@host> show services user-identification authentication-table authentication-source aruba-clearpass group posture-healthy

For further verification, you can use the following command to check the entry for one of the users who belonged to the group:

user@host> show services user-identification authentication-table authentication-source aruba-clearpass user viki2

request services user-identification authentication-table delete authentication-source aruba-clearpass

The following command deletes the ClearPass authentication table (aruba-clearpass).

user@host> request services user-identification authentication-table delete authentication-source aruba-clearpass

Before you delete the ClearPass authentication table, use the following command to display it to ensure that the table exists.

user@host> show services user-identification authentication-table authentication-source aruba-clearpass

To verify that you deleted the authentication table successfully, enter the command again:

user@host> show services user-identification authentication-table authentication-source aruba-clearpass