Important

Starting from version 8.9.03, BMC Network Automation is renamed to TrueSight Network Automation. This space contains information about TrueSight Network Automation 8.9.03 and the later service packs for 8.9. For earlier releases, see BMC Network Automation 8.9.

Quarantining endpoints

A job that contains the Quarantine Endpoint action isolates a specified endpoint from the network. The action first locates the switch port on which the endpoint is connected, searching the routers and switches in the bounding span, and then applies the isolation level you choose: shutting down the port, blocking the endpoint with an ACL, or moving the port to a remediation VLAN.

For more generic information about job creation, see Creating a job.

To run a Quarantine Endpoint action

  1. On the Add Job page, select Add Action > Endpoint Actions > Quarantine Endpoint.

  2. Enter information in the following fields:

    Annotation
      (Optional) Annotation assigned to the action.

    Bounding Span
      Depending on your security rights, lets you select the Entire Network, a Realm, a Group, or Multiple Devices. When the Bounding Span is Realm or Group, use Filter Devices to select which devices to include in the action. Only routers and switches in the bounding span are visited while searching for the endpoint, so the span must contain the switch to which the endpoint is attached or the endpoint is not found.

    Endpoint Address
      The IP address of the endpoint to be quarantined.

  3. Select the isolation level to use for quarantining the endpoint from the network. The two Remediate levels add a field for the remediation target (Remediation Address or Remediation VLAN). You can choose from the following levels:

    Disable Port
      Shuts down the switch port on which the endpoint is connected. This also cuts off any other endpoint that shares the port; see the Disable Port Even if Shared by Other Endpoints option in step 4.

    Block Endpoint via ACL
      Configures an ACL entry to block all IP packets to and from the endpoint.

    Remediate Endpoint via ACL
      Configures an ACL entry to block all IP packets to and from the endpoint except those exchanged with the remediation server that you specify in the Remediation Address field.

    Note: For both ACL levels, the ACL is applied to the VLAN to which the endpoint belongs. If the switch does not support VLAN ACLs, the ACL is applied to the port on which the endpoint was seen. Because the ACL matches IP packets, it does not stop non-IP (Layer 2) traffic from the endpoint; use Disable Port or Remediate Endpoint via VLAN if that matters.

    Remediate Endpoint via VLAN
      Changes the VLAN membership of the switch port associated with the endpoint to the remediation VLAN that you specify in the Remediation VLAN field. After quarantine, the endpoint can reach only the remediation VLAN network. Like Disable Port, this affects every endpoint on the port; see the Change VLAN of Port Even If Shared By Other Endpoints option in step 4.

  4. Select any of the following options, as relevant:

    Disable Port Even if Shared by Other Endpoints
      (Disable Port isolation level only) Proceed with disabling the port even if other endpoints are using the same port. Leave this cleared unless you accept taking those endpoints offline as well.

    Change VLAN of Port Even If Shared By Other Endpoints
      (Remediate Endpoint via VLAN isolation level only) Proceed with changing the port's VLAN even if other endpoints are using the same port; those endpoints are moved to the remediation VLAN too.

    Mark as Trusted
      If the endpoint action completes successfully, mark the resulting Running configuration as trusted (the baseline against which later configuration changes on the device are compared).

    Commit
      If the endpoint action completes successfully, copy the device's Running configuration to its Startup configuration. Without this, the quarantine is lost if the device reboots.

  5. Click OK to add the action to the job.
     After the job runs, the Job details page displays the input parameters and the completion status (for example, Succeeded).
  6. Select the status value on the Job details page to view the results in a pop-up window. The result shows the name of the managing switch and port, the traceroute transcript, and the list of devices traversed while locating the endpoint. Confirm that the managing switch and port are the ones you expect before relying on the quarantine.
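The following model of the four isolation levels and the shared-port options is an added example, not code from the page or from TrueSight Network Automation. The Port record stands in for the switch port the product discovers by walking the bounding span, the endpoint sets are constructed sample data, and the generated lines are Cisco IOS-style CLI chosen to illustrate what each level does on the device; the product's own device templates are not shown on the page. Mark as Trusted is product-side bookkeeping and is not modelled.

```python
"""Model of the Quarantine Endpoint isolation levels (added example, not product code).

Assumptions: Port mirrors what the action learns when it locates the endpoint;
the command strings are Cisco IOS-style CLI used for illustration only.
"""
from dataclasses import dataclass, field

DISABLE_PORT = "Disable Port"
BLOCK_ACL = "Block Endpoint via ACL"
REMEDIATE_ACL = "Remediate Endpoint via ACL"
REMEDIATE_VLAN = "Remediate Endpoint via VLAN"


@dataclass
class Port:
    device: str
    name: str
    vlan: int
    endpoints: set = field(default_factory=set)  # endpoint IPs seen on the port (constructed)
    supports_vlan_acl: bool = True


class SharedPortError(Exception):
    """The action would also cut off other endpoints on the same port."""


def _acl_name(endpoint):
    return "QUARANTINE_" + endpoint.replace(".", "_")


def quarantine(port, endpoint, level, *, remediation_address=None,
               remediation_vlan=None, allow_shared=False, commit=False):
    """Return the device commands for one isolation level.

    Raises SharedPortError for the port-wide levels (Disable Port, Remediate
    Endpoint via VLAN) when other endpoints share the port and the
    'even if shared by other endpoints' option was not selected.
    """
    if endpoint not in port.endpoints:
        raise ValueError(f"{endpoint} was not seen on {port.device} {port.name}")
    others = port.endpoints - {endpoint}
    name = _acl_name(endpoint)
    cmds = []

    if level == DISABLE_PORT:
        if others and not allow_shared:
            raise SharedPortError(f"{port.name} is shared with {sorted(others)}")
        cmds += [f"interface {port.name}", " shutdown"]

    elif level == REMEDIATE_VLAN:
        if remediation_vlan is None:
            raise ValueError("Remediation VLAN is required")
        if others and not allow_shared:
            raise SharedPortError(f"{port.name} is shared with {sorted(others)}")
        cmds += [f"interface {port.name}", f" switchport access vlan {remediation_vlan}"]

    elif level in (BLOCK_ACL, REMEDIATE_ACL):
        exceptions = []
        if level == REMEDIATE_ACL:
            if remediation_address is None:
                raise ValueError("Remediation Address is required")
            exceptions = [f" permit ip host {endpoint} host {remediation_address}",
                          f" permit ip host {remediation_address} host {endpoint}"]
        if port.supports_vlan_acl:
            # VLAN ACL (VACL): the named ACLs only *match*; the access-map
            # sequence decides forward or drop, so exceptions go first.
            if exceptions:
                cmds += [f"ip access-list extended {name}_ALLOW", *exceptions]
            cmds += [f"ip access-list extended {name}_BLOCK",
                     f" permit ip host {endpoint} any",
                     f" permit ip any host {endpoint}"]
            seq = 10
            if exceptions:
                cmds += [f"vlan access-map {name} {seq}",
                         f" match ip address {name}_ALLOW", " action forward"]
                seq += 10
            cmds += [f"vlan access-map {name} {seq}",
                     f" match ip address {name}_BLOCK", " action drop",
                     f"vlan access-map {name} {seq + 10}", " action forward",
                     f"vlan filter {name} vlan-list {port.vlan}"]
        else:
            # Port ACL fallback: applied inbound on the endpoint's own port, so it
            # stops what the endpoint sends. Other endpoints on the port keep
            # working because the deny line matches only this host.
            cmds += [f"ip access-list extended {name}", *exceptions,
                     f" deny ip host {endpoint} any",
                     " permit ip any any",
                     f"interface {port.name}", f" ip access-group {name} in"]
    else:
        raise ValueError(f"unknown isolation level: {level}")

    if commit:
        cmds.append("copy running-config startup-config")  # Commit: survive a reboot
    return cmds
```

The shared-port guard is the point to notice: a port-wide level refuses to act on a port with more than one learned endpoint unless the override is passed, whereas the ACL levels match only the quarantined host and so never need it. The VACL and port-ACL branches differ in shape because a VLAN access-map uses match-then-action semantics while a port ACL uses permit/deny directly.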

Tip

After executing the Quarantine Endpoint action, you can generate a quarantine report by navigating to Reports > Status Reports > Quarantine.
