tubbynetreminds me of the danse russePremium,MVM
|reply to Uncle Paul |
Re: Switch Connection Limits/Throttling
said by Uncle Paul:
Is it possible to set a switch to disable a port or move the port's traffic to a walled garden vlan if it exceeds a specified number of connection attempts within a given time frame?
when you say "authentication attempts" -- what exactly are you authenticating against? if you already have an 'ise' infrastructure using dot1x for switchport authentication -- the settings are available. in this case -- you use dot1x on the switch to authenticate against your a/d infrastructure -- if it exceeds, it can be walled using a dacl to be completely isolated or it can be disabled.
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."
I didn't say "authentication attempts", I said "connection attempts".
For example if a piece of malware got on a system and started to run port scans or spew spam out (can't block 25). I worked at a facility once where the network team rolled out an edge NAC solution (Cisco switches/Cisco Clean Access) that would disable the port if X number of connection attempts occurred over a certain period of time. Workstations seemed to be ok, but if you tried to run a server or run NMAP over a workstation attached to such switch, it would knock the port off.
I've since moved to another company and it might be usable here, but I'm not sure how they did it.