Security

Reply
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Disabled Port

Hi Team,

 

You can disable the port on a switch, based on a policy ClearPass?

 

For example: The user is connected to the INTERFACE 0/1 switch. If the user is unknown, disable INTERFACE 0/1 switch.

 

Regards,

Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: Disabled Port

Hi Team,

 

When a user connects to the router and the MAC is not recognized, for it to send a message to the router and disable the physical interface of the router.

 

The option is? 

 

For Example: subscriber:command=bounce-host-port

 

 

Attachment image

Guru Elite
Posts: 8,325
Registered: ‎09-08-2010

Re: Disabled Port

[ Edited ]

Try:

 

subscriber:command=disable-host-port

 

Why do you want to do it this way? I believe this will require manual intervention to re-enable the port. Why not just put them in a dead-end VLAN?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: Disabled Port

[ Edited ]

Hi,

 

The customer wants this security. The command disables the port where the user is connecting?

 

Regards,

Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: Disabled Port

The problem is that if you disable port how are you going to know when the user disconnects and a new device connects. You are better off putting the device in a deadened vlan or a block all acl/dacl
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: Disabled Port

Ok, perfect.

 

I will propose the scheme mention

 

Thanks :smileyvery-happy:

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: