Security

Reply
Super Contributor I

Disabled Port

Hi Team,

 

You can disable the port on a switch, based on a policy ClearPass?

 

For example: The user is connected to the INTERFACE 0/1 switch. If the user is unknown, disable INTERFACE 0/1 switch.

 

Regards,

Super Contributor I

Re: Disabled Port

Hi Team,

 

When a user connects to the router and the MAC is not recognized, for it to send a message to the router and disable the physical interface of the router.

 

The option is? 

 

For Example: subscriber:command=bounce-host-port

 

 

Attachment image

Guru Elite

Re: Disabled Port

Try:

 

subscriber:command=disable-host-port

 

Why do you want to do it this way? I believe this will require manual intervention to re-enable the port. Why not just put them in a dead-end VLAN?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I

Re: Disabled Port

Hi,

 

The customer wants this security. The command disables the port where the user is connecting?

 

Regards,

Aruba

Re: Disabled Port

The problem is that if you disable port how are you going to know when the user disconnects and a new device connects. You are better off putting the device in a deadened vlan or a block all acl/dacl
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Super Contributor I

Re: Disabled Port

Ok, perfect.

 

I will propose the scheme mention

 

Thanks :smileyvery-happy:

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: