Configuring the Quarantine Agent

We will enable the quarantine agent globally on the switch here, but only turn it on at the port level for ports that use the 802.1X, MAC, and CEP authentication contexts, so the agent acts on user-facing ports rather than on infrastructure uplinks.

For the quarantine policy example we create a rule that classifies forwarded traffic with UDP source port 67, the port a DHCP server sends from (clients send from port 68), and associate it with the dhcpQuarantine policy profile. The goal is to disable any port that is not connected to the legitimate DHCP server if DHCP server traffic is seen being forwarded from it, since a host answering on source port 67 from a user port is the signature of a rogue DHCP server. The following CLI input:

  • Enables the quarantine agent on the switch.
  • Sets policy rule 1 to hit when forwarded traffic has UDP source port 67 (mask 16 matches only the 16-bit port field, so the source IP address is ignored) and assigns the rule to policy profile 1 as a quarantine profile.
  • Names policy profile 1 dhcpQuarantine and sets its action to disable the port when a hit occurs for rule 1.

The quarantine agent is enabled at the port level in the 802.1X, MAC, and CEP authentication discussions that follow; the port where the legitimate DHCP server attaches must be left without the agent, or its own offers will disable that port.

System(rw)->set quarantine-agent enable
System(rw)->set policy rule 1 udpportsourceip 67 mask 16 forward quarantine-profile 1
System(rw)->set policy profile 1 name dhcpQuarantine disable-port enable
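The following is an added example, not Enterasys switch code, that models what the rule above classifies and which ports the dhcpQuarantine profile would disable. It assumes the classifier data value packs the 16-bit UDP source port ahead of the 32-bit IPv4 source address, so that mask 16 covers only the port and mask 48 would pin both; the port names (ge.1.x) and the sample frames are constructed for illustration.

```python
"""Model of the quarantine rule: udp source port 67, mask 16, forward,
quarantine-profile 1 (disable-port enable). Added example, not switch code."""

from dataclasses import dataclass
import ipaddress

FULL = (1 << 48) - 1  # assumed 48-bit classifier value: port (16) | IPv4 (32)


@dataclass(frozen=True)
class Frame:
    ingress_port: str
    src_ip: str
    udp_sport: int
    udp_dport: int


@dataclass(frozen=True)
class QuarantineRule:
    udp_sport: int
    src_ip: str = "0.0.0.0"  # only consulted when mask > 16
    mask: int = 16           # leading bits of the packed value that must match
    profile: int = 1         # quarantine-profile index

    @staticmethod
    def _packed(port: int, ip: str) -> int:
        return (port << 32) | int(ipaddress.IPv4Address(ip))

    def matches(self, frame: Frame) -> bool:
        # Keep the top `mask` bits; mask 16 leaves the IP bits unmasked (ignored)
        keep = FULL ^ ((1 << (48 - self.mask)) - 1)
        want = self._packed(self.udp_sport, self.src_ip) & keep
        have = self._packed(frame.udp_sport, frame.src_ip) & keep
        return want == have


def ports_to_disable(frames, rule, agent_ports):
    """Return the ports the disable-port action would shut down.

    agent_ports: ports where the quarantine agent is enabled (the 802.1X/MAC/CEP
    user ports). The uplink to the real DHCP server is deliberately not in it.
    """
    hit = set()
    for f in frames:
        if f.ingress_port in agent_ports and rule.matches(f):
            hit.add(f.ingress_port)
    return sorted(hit)


# Constructed sample traffic (hypothetical ports and addresses)
AGENT_PORTS = {"ge.1.1", "ge.1.2", "ge.1.3"}
SAMPLE_FRAMES = [
    Frame("ge.1.1", "192.168.1.50", 67, 68),   # rogue DHCP server offer on a user port
    Frame("ge.1.2", "0.0.0.0", 68, 67),        # normal client discover: source port 68
    Frame("ge.1.24", "10.0.0.5", 67, 68),      # real DHCP server on the uplink, no agent
    Frame("ge.1.3", "192.168.1.77", 53, 53),   # unrelated UDP traffic
]

RULE = QuarantineRule(udp_sport=67, mask=16)

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(f"{f.ingress_port:8} sport={f.udp_sport:<3} hit={RULE.matches(f)}")
    print("disable-port:", ports_to_disable(SAMPLE_FRAMES, RULE, AGENT_PORTS))
```

Running the model disables only ge.1.1: the client discover on ge.1.2 has source port 68 and never hits, and the legitimate server's offers on ge.1.24 hit the rule but the agent is not enabled on that port. Pinning the source address with mask 48 (src_ip set) would instead restrict the rule to one server, which is the opposite of what a rogue-server rule needs.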