tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

to Uncle Paul

Re: Switch Connection Limits/Throttling

said by Uncle Paul:

Is it possible to set a switch to disable a port or move the port's traffic to a walled garden vlan if it exceeds a specified number of connection attempts within a given time frame?

When you say "authentication attempts", what exactly are you authenticating against? If you already have an ISE infrastructure using dot1x for switchport authentication, the settings are available. In this case you use dot1x on the switch to authenticate against your A/D infrastructure; if it exceeds, it can be walled using a dACL to be completely isolated, or it can be disabled.

q.

Uncle Paul
join:2003-02-04
USA

Member

I didn't say "authentication attempts", I said "connection attempts".

For example, if a piece of malware got on a system and started to run port scans or spew spam out (can't block 25). I worked at a facility once where the network team rolled out an edge NAC solution (Cisco switches/Cisco Clean Access) that would disable the port if X number of connection attempts occurred over a certain period of time. Workstations seemed to be OK, but if you tried to run a server or run Nmap on a workstation attached to such a switch, it would knock the port off.

I've since moved to another company and it might be usable here, but I'm not sure how they did it.

Thanks!
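The rule Uncle Paul describes (knock a port off, or move it to a quarantine VLAN, once more than X new connection attempts are seen from it within a window) modelled as a standalone sliding-window check, added here as an illustration. This is not Cisco Clean Access, ISE, or any code from the thread; the record format, interface names, thresholds, action labels and the `exempt` list are all assumptions made for the example, and the sample records are constructed.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Attempt:
    """One new outbound connection attempt seen from a host on an access port."""
    ts: float    # seconds since start of capture
    port: str    # switch port the source host is attached to
    dst: str     # destination "ip:port"


# Constructed record format for this example (not a real switch or NAC log):
#   t=<seconds> port=<interface> dst=<ip:port>
LINE_RE = re.compile(r"t=(?P<t>[\d.]+)\s+port=(?P<port>\S+)\s+dst=(?P<dst>\S+)")


def parse_line(line: str) -> Attempt:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised record: {line!r}")
    return Attempt(float(m["t"]), m["port"], m["dst"])


class ConnectionRateGuard:
    """Sliding-window threshold: more than max_attempts new connections from
    one port within window_s seconds triggers `action` for that port.

    `action` is just a label for what the switch would be told to do, e.g.
    "shutdown" (err-disable the port) or "quarantine-vlan" (walled garden).
    `exempt` lists ports allowed to exceed the threshold; that is the obvious
    way to avoid knocking off a legitimate server or a host running a scanner.
    """

    def __init__(self, max_attempts: int, window_s: float,
                 action: str = "shutdown", exempt=()):
        self.max_attempts = max_attempts
        self.window_s = window_s
        self.action = action
        self.exempt = set(exempt)
        self._recent = defaultdict(deque)   # port -> timestamps still inside the window
        self.actions = {}                    # port -> (action, timestamp it fired)

    def observe(self, a: Attempt):
        """Feed one attempt (records assumed in time order per port).
        Returns the action taken for this port, or None."""
        if a.port in self.exempt or a.port in self.actions:
            return None                      # exempt, or already acted on
        q = self._recent[a.port]
        q.append(a.ts)
        while q and a.ts - q[0] > self.window_s:
            q.popleft()                      # age out attempts older than the window
        if len(q) > self.max_attempts:
            self.actions[a.port] = (self.action, a.ts)
            q.clear()
            return self.action
        return None

    def run(self, lines):
        """Process an iterable of records; returns {port: (action, ts)}."""
        for line in lines:
            if line.strip():
                self.observe(parse_line(line))
        return dict(self.actions)


# Constructed sample: a normal workstation on Gi1/0/3, and a host on Gi1/0/7
# that starts sweeping 10.10.1.0/24 on tcp/22 (roughly what a port scan looks like).
WORKSTATION_LINES = [
    "t=0.00 port=Gi1/0/3 dst=10.10.0.20:443",
    "t=1.50 port=Gi1/0/3 dst=10.10.0.20:443",
    "t=9.00 port=Gi1/0/3 dst=10.10.0.25:25",
    "t=30.00 port=Gi1/0/3 dst=10.10.0.21:80",
]
SCAN_LINES = [
    f"t={5 + 0.01 * i:.2f} port=Gi1/0/7 dst=10.10.1.{i % 254 + 1}:22"
    for i in range(120)
]
SAMPLE_LINES = WORKSTATION_LINES + SCAN_LINES


if __name__ == "__main__":
    guard = ConnectionRateGuard(max_attempts=50, window_s=10)
    for port, (action, ts) in guard.run(SAMPLE_LINES).items():
        print(f"{port}: {action} at t={ts}")
```

With a threshold of 50 attempts in 10 seconds the workstation is never touched and the sweeping host is flagged on its 51st attempt. The same logic is why such a rule hits a server or an Nmap run on a workstation: both legitimately open far more new connections per window than a desktop does, so an exempt list (or a separate, higher threshold for known server ports) is the caveat to build in before enforcing.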