Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Disabled Port

  • 1.  Disabled Port

    Posted Jul 11, 2014 04:48 PM

    Hi Team,

     

    Can you disable the port on a switch based on a ClearPass policy?

     

    For example: the user is connected to interface 0/1 of the switch. If the user is unknown, disable interface 0/1 of the switch.

     

    Regards,



  • 2.  RE: Disabled Port

    Posted Jul 11, 2014 06:17 PM

    Hi Team,

     

    When a user connects to the router and the MAC is not recognized, I want it to send a message to the router and disable the physical interface of the router.

    What is the option?

     

    For Example: subscriber:command=bounce-host-port

     

     




  • 3.  RE: Disabled Port
    Best Answer

    EMPLOYEE
    Posted Jul 11, 2014 06:23 PM

    Try:

     

    subscriber:command=disable-host-port

     

    Why do you want to do it this way? I believe this will require manual intervention to re-enable the port. Why not just put them in a dead-end VLAN?



  • 4.  RE: Disabled Port

    Posted Jul 11, 2014 06:26 PM

    Hi,

     

    The customer wants this security. Does the command disable the port where the user is connecting?

     

    Regards,



  • 5.  RE: Disabled Port

    EMPLOYEE
    Posted Jul 11, 2014 06:31 PM
    The problem is that if you disable the port, how are you going to know when the user disconnects and a new device connects? You are better off putting the device in a dead-end VLAN or a block-all ACL/dACL.


  • 6.  RE: Disabled Port

    Posted Jul 11, 2014 06:43 PM

    Ok, perfect.

     

    I will propose the scheme mentioned.

    Thanks