We will enable the quarantine agent on the switch, but only turn it on for the 802.1x, MAC, and CEP authentication contexts.
For a quarantine policy example, we will create a rule that forwards traffic with UDP source port 67, which is normally used for DHCP traffic, and associate it with the dhcpQuarantine policy profile. We want to disable any port not connected to a DHCP server if an attempt to forward any DHCP traffic occurs. The following CLI input
We enable the quarantine agent at the port level within the appropriate 802.1x, MAC, and CEP authentication discussions.
System(rw)->set quarantine-agent enable
System(rw)->set policy rule 1 udpportsourceip 67 mask 16 forward quarantine-profile 1
System(rw)->set policy profile 1 name dhcpQuarantine disable-port enable
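As an added example (not part of the original guide or the vendor's tooling), the following Python check reads saved CLI lines in the form shown above and confirms that the quarantine agent is enabled, that every rule's quarantine-profile is defined, and that the profile sets disable-port enable. It assumes one command per line and that profile options are keyword/value pairs; the name `audit_quarantine` and the sample text are constructed here.

```python
import re

# Constructed sample: the three commands from this page, one per line.
SAMPLE_CONFIG = """\
System(rw)->set quarantine-agent enable
System(rw)->set policy rule 1 udpportsourceip 67 mask 16 forward quarantine-profile 1
System(rw)->set policy profile 1 name dhcpQuarantine disable-port enable
"""

PROMPT = re.compile(r"^\S*->\s*")  # strips a leading "System(rw)->" style prompt


def audit_quarantine(config_text):
    """Return a list of findings; an empty list means the pieces line up."""
    agent_enabled = False
    rule_to_profile = {}   # rule id -> quarantine profile id it points at
    profiles = {}          # profile id -> {"name": str or None, "disable_port": bool}

    for raw in config_text.splitlines():
        tok = PROMPT.sub("", raw.strip()).split()
        if tok[:3] == ["set", "quarantine-agent", "enable"]:
            agent_enabled = True
        elif tok[:3] == ["set", "policy", "rule"] and "quarantine-profile" in tok[4:-1]:
            rule_to_profile[tok[3]] = tok[tok.index("quarantine-profile") + 1]
        elif tok[:3] == ["set", "policy", "profile"] and len(tok) > 3:
            prof = profiles.setdefault(tok[3], {"name": None, "disable_port": False})
            # Assumption: options after the profile id are keyword/value pairs.
            opts = dict(zip(tok[4::2], tok[5::2]))
            prof["name"] = opts.get("name", prof["name"])
            if "disable-port" in opts:
                prof["disable_port"] = opts["disable-port"] == "enable"

    findings = []
    if rule_to_profile and not agent_enabled:
        findings.append("quarantine rules exist but quarantine-agent is not enabled")
    for rule, pid in sorted(rule_to_profile.items()):
        if pid not in profiles:
            findings.append(f"rule {rule}: quarantine-profile {pid} is not defined")
        elif not profiles[pid]["disable_port"]:
            findings.append(f"rule {rule}: profile {pid} lacks disable-port enable")
    return findings


if __name__ == "__main__":
    for finding in audit_quarantine(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```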