A job with the Quarantine Endpoint action quarantines the endpoint from the network. You can choose between various isolation levels for different methods of quarantining the endpoint.
For general information about job creation, see Creating a job.
To run a Quarantine Endpoint action
- On the Add Job page, select Add Action > Endpoint Actions > Quarantine Endpoint.
- Enter information in the following fields:
(Optional) Annotation assigned to the action.
According to your security rights, allows you to select the Entire Network, Realm, Group, or Multiple Devices. When the Bounding Span is Realm or Group, you can use Filter Devices to select which devices to include in the action. Only routers and switches in this bounding span are visited while searching for the endpoint.
Enter the IP address of the endpoint to be quarantined.
Select the isolation level to use for quarantining the endpoint from the network. You can choose from the following levels:
Disable Port
Completely shuts down the switch port on which the endpoint is connected.
Block Endpoint via ACL
Configures an ACL entry to block all IP packets to/from the endpoint.
Note: The ACL is applied to the VLAN to which the endpoint belongs. If the switch does not support VLAN ACLs, then it is applied to the port on which the endpoint was seen.
Remediate Endpoint via ACL
Configures an ACL entry to block all IP packets to/from the endpoint except those involving a remediation server that you specify in the Remediation Address field.
Note: The ACL is applied to the VLAN to which the endpoint belongs. If the switch does not support VLAN ACLs, then it is applied to the port on which the endpoint was seen.
Remediate Endpoint via VLAN
Changes the VLAN membership of the switch port associated with the endpoint to a remediation VLAN that you specify in the Remediation VLAN field. After quarantine, the endpoint is accessible only from the remediation VLAN network.
Select any of the following options, as relevant:
Disable Port Even if Shared by Other Endpoints
(Disable Port isolation level only) Proceed with disabling the port even if other endpoints are using the same port.
Change VLAN of Port Even If Shared By Other Endpoints
Proceed with changing the port's VLAN even if other endpoints are using the same port.
Mark as Trusted
If the endpoint action completes successfully, mark the resulting Running configuration as trusted.
If the endpoint action completes successfully, copy the device's Running configuration to the Startup configuration. This ensures that the changes persist if the device reboots.
- Click OK to add the action to the job.
After a job is run, the Job details page displays the input parameters and the completion status (for example, Succeeded).
- Select the status value in the Job details page to view the results in a pop-up window. The result shows the name of the managing switch and port, the traceroute transcript, and a list of the devices traversed by the action.
After executing the Quarantine Endpoint action, you can generate a quarantine report by navigating to Reports > Status Reports > Quarantine.
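The difference between the Block Endpoint via ACL and Remediate Endpoint via ACL levels can be checked with a small first-match ACL model. This is an added example, not the product's code or the configuration it pushes to a switch; the rule layout (including the trailing permit for other hosts on the VLAN), the function names, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

ANY = None  # wildcard: matches every address

def build_acl(endpoint, remediation=None):
    """Ordered (action, src, dst) rules for one quarantined endpoint."""
    ep = ipaddress.ip_address(endpoint)
    rules = []
    if remediation is not None:
        rem = ipaddress.ip_address(remediation)
        # First match wins, so the exception must come before the denies.
        rules += [("permit", ep, rem), ("permit", rem, ep)]
    rules += [("deny", ep, ANY), ("deny", ANY, ep)]
    # Assumption: the ACL sits on a shared VLAN, so other traffic must pass.
    rules.append(("permit", ANY, ANY))
    return rules

def evaluate(rules, src, dst):
    """Return the action of the first rule matching the packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_src, r_dst in rules:
        if r_src in (ANY, src) and r_dst in (ANY, dst):
            return action
    return "deny"  # implicit deny when nothing matches

def reachable_peers(rules, endpoint, peers):
    """Peers the endpoint can still exchange packets with in both directions."""
    return [p for p in peers
            if evaluate(rules, endpoint, p) == "permit"
            and evaluate(rules, p, endpoint) == "permit"]

# Constructed sample addresses from the documentation ranges.
ENDPOINT, REMEDIATION = "192.0.2.50", "192.0.2.10"
PEERS = [REMEDIATION, "192.0.2.60", "198.51.100.7"]

if __name__ == "__main__":
    print("block:    ", reachable_peers(build_acl(ENDPOINT), ENDPOINT, PEERS))
    print("remediate:", reachable_peers(build_acl(ENDPOINT, REMEDIATION), ENDPOINT, PEERS))
```

If the remediation permits are placed after the denies, the model leaves the endpoint with no reachable peers, which is the ordering mistake to look for when reviewing an ACL after a quarantine job.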