Super Contributor I

Disabled Port

Hi Team,


You can disable the port on a switch, based on a policy ClearPass?


For example: The user is connected to the INTERFACE 0/1 switch. If the user is unknown, disable INTERFACE 0/1 switch.



Super Contributor I

Re: Disabled Port

Hi Team,


When a user connects to the router and the MAC is not recognized, for it to send a message to the router and disable the physical interface of the router.


The option is? 


For Example: subscriber:command=bounce-host-port



Attachment image

Guru Elite

Re: Disabled Port





Why do you want to do it this way? I believe this will require manual intervention to re-enable the port. Why not just put them in a dead-end VLAN?

Tim Cappalli | Aruba Security TME
@timcappalli | | ACMX #367 / ACCX #480
Super Contributor I

Re: Disabled Port



The customer wants this security. The command disables the port where the user is connecting?




Re: Disabled Port

The problem is that if you disable port how are you going to know when the user disconnects and a new device connects. You are better off putting the device in a deadened vlan or a block all acl/dacl
Thank You,

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Super Contributor I

Re: Disabled Port

Ok, perfect.


I will propose the scheme mention


Thanks :smileyvery-happy:



Search Airheads
Showing results for 
Search instead for 
Did you mean: