set quarantine-agent

Use this command to enable or disable the quarantine agent on the switch.

Syntax

Parameters

Defaults

Quarantine agent is disabled by default.

Mode

All command modes.

Usage

The quarantine agent must be enabled globally on the switch and locally on the port to be operational on the port. See set quarantine-agent port for information on configuring quarantine agent authentication on the port.

The quarantine agent is a form of authentication that depends upon the existence of one or more configured quarantine policy rules, with each rule associated with a policy profile. To configure a policy rule as a quarantine profile, configure the policy rule with the desired traffic filtering specifications and specify the quarantine-profile rule option, indicating the associated policy profile. See set policy rule (S-, K-Series) for quarantine policy rule configuration details. See set policy profile for policy profile configuration details.

Once one or more quarantine policy rules are configured and associated with a policy profile, the quarantine authentication agent behaves as any other MultiAuth authentication agent. By default, the quarantine agent has the highest configurable MultiAuth precedence. Static rules have the highest multiauth precedence. Static rule MultiAuth precedence is not configurable.

There are two circumstance for which actions specified in a quarantine policy are used:

• A quarantine policy rule is hit. In this case, the quarantine agent becomes one of the authentication agents from which the authentication provisioning result will be chosen based upon MultiAuth precedence. So long as the default precedence is not changed, if a quarantine policy rule hit occurs, quarantine agent authentication is selected and any actions configured in the policy profile taken.
• An anti-spoofing class threshold has been met for which a quarantine action has been configured (see set antispoof class threshold-index).

Should you configure quarantine agent authentication for a lower MultiAuth precedence using set multiauth precedence, if a non-quarantine authentication agent both returns a result and has the highest MultiAuth precedence, quarantine agent authentication will not be used in that context. If you change the quarantine agent MultiAuth precedence level to a lower precedence, make sure this is the behavior you want.