Switch Commands in Use by the Switch Plugin CounterACT® Technical Note
Updated for Switch Plugin 8.9.4
The Switch Plugin learns of endpoint connections and disconnections either by
receiving an SNMP trap from a switch device or by reading the MAC address
table.
In the Console, work with actions in any of the following ways:
- Manually initiate the action on a selected endpoint from the Detections pane
  of the NAC tab.
- Add/edit a policy and incorporate use of the action from the Policy Manager
  pane of the Policy tab.
Modify Port Configuration
Along with any restrict action, the Switch Plugin always writes to the switch
device to perform a modify port configuration operation. The plugin carries out
this operation whenever a restrict action is performed on, or canceled for, a
connected or disconnected endpoint.
The following switch commands are used by the Switch Plugin to perform a modify
port configuration operation:
Connection Method: CLI

CLI Commands:
    interface <interface name>
    description <new description>
    no description
    show running-config interface <interface name>|include description

Console Options: Set port alias on action

Notes:
- Option location in Console: Permissions tab > Advanced > Switch Advanced
  Settings window > Settings section
- The plugin performs both the config t and the interface commands with all
  restrict actions.
- Only when Set port alias on action is enabled does the plugin also perform
  both the description and the show running-config interface commands with
  restrict actions.
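The commands listed above can be used as an allow-list when reviewing switch command accounting for the account the plugin logs in with. The following Python is an added example, not ForeScout code: the "<user>;<command>" record format, the account name svc-switchplugin and the sample records are constructed, and the allow-list covers only the commands named in this section.

```python
import re

# Commands this section names for the modify port configuration operation.
# "config t" and "interface" accompany every restrict action; the description
# commands are expected only when "Set port alias on action" is enabled.
ALWAYS = [re.compile(r"config t"), re.compile(r"interface \S+")]
ALIAS_ONLY = [
    re.compile(r"description \S.*"),
    re.compile(r"no description"),
    re.compile(r"show running-config interface \S+\s*\|\s*include description"),
]


def classify(command, alias_enabled):
    """Return 'expected', 'alias-disabled' or 'unlisted' for one command."""
    cmd = " ".join(command.split())  # collapse repeated whitespace
    if any(p.fullmatch(cmd) for p in ALWAYS):
        return "expected"
    if any(p.fullmatch(cmd) for p in ALIAS_ONLY):
        return "expected" if alias_enabled else "alias-disabled"
    return "unlisted"


def audit(lines, account, alias_enabled):
    """Return (line_no, verdict, command) for each command issued by the
    account that is not expected under the given console setting.

    Assumed record format (constructed for this example): "<user>;<command>".
    """
    findings = []
    for n, line in enumerate(lines, 1):
        user, sep, command = line.partition(";")
        if not sep or user.strip() != account:
            continue  # malformed record or a different account
        verdict = classify(command, alias_enabled)
        if verdict != "expected":
            findings.append((n, verdict, command.strip()))
    return findings


# Constructed sample records; the account and interface names are made up.
SAMPLE = [
    "svc-switchplugin;config t",
    "svc-switchplugin;interface GigabitEthernet1/0/12",
    "svc-switchplugin;description quarantined-endpoint",
    "svc-switchplugin;show running-config interface GigabitEthernet1/0/12|include description",
    "svc-switchplugin;copy running-config startup-config",
    "admin;reload",
]
```

Call audit(SAMPLE, "svc-switchplugin", alias_enabled) with the value that matches the console setting. Commands the plugin uses for operations described elsewhere in this note would need to be added to the allow-list before use.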
Access Port ACL
Use Access Port ACL, a restrict action, to define an ACL that addresses one or
more access control scenarios and is then applied to an endpoint's switch
access port. Access control scenarios are typically driven by role or
classification, for example, registered guest or compliance, and are not
specific to an endpoint IP address. For example, implement an ACL action that
denies corporate network access to guests but permits Internet access,
regardless of endpoint IP address (no IP address dependency). This