Deploying an Identity Aware Network
Extreme Networks Application Note
* Slot-1 Stack.289 # show access-list dynamic counter
Vlan Name       Port   Direction
    Counter Name                   Packet Count         Byte Count
==================================================================
*               1:2    ingress
    unauthorized_devices           9
5.3.3. UPM Script: Isolate Unauthorized Devices
In this section, we will use a sample script to:
A. Identify unauthorized devices using the NetBIOS hostname.
B. Isolate/Move the port (on which the device was discovered) to a custom VLAN called “unauthvlan”.
5.3.3.1. Profile Definition
The sample script used to move the port to a custom VLAN is given below:
* Slot-1 Stack.121 # show configuration "upm"
#
# Module upm configuration.
#
create upm profile unauth-hostnames
set var DISCOVERED_VLAN corp
set var UNAUTH_VLAN unauthvlan
enable cli scripting
configure cli mode non-persistent
if (!$match($EVENT.LOG_EVENT,RecvKerberosTrig)) then
if ($match($EVENT.LOG_PARAM_6,PRIMECORP) <= 9) then
configure vlan $DISCOVERED_VLAN delete ports $EVENT.LOG_PARAM_4
configure vlan $UNAUTH_VLAN add ports $EVENT.LOG_PARAM_4
endif
endif
.
5.3.3.2. Verifying Profile Triggers and Results of the Script
The following commands can be used to verify the UPM script execution, and the results:
* Slot-1 Stack.117 # show upm history
--------------------------------------------------------------------------------
Exec  Event/                Profile          Port  Status  Time Launched
Id    Timer/ Log filter
--------------------------------------------------------------------------------
3     Log-Message(kerberos  unauth-hostname  ---   Pass    2010-04-07 01:39:23
--------------------------------------------------------------------------------
Number of UPM Events in Queue for execution: 0
* Slot-1 Stack.118 # show upm history detail
UPM Profile: unauth-hostnames
Event: Log-Message(kerberosevents)
Profile Execution start time: 2010-04-07 01:39:23
Profile Execution Finish time: 2010-04-07 01:39:23
Execution Identifier: 3 Execution Status: Pass
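When a profile moves ports between VLANs automatically, each execution is worth auditing. The following is an added example, not part of the original application note: a Python parser for the "show upm history detail" fields shown above that lists executions of the isolation profile that did not end in Pass. The second sample record, its "Fail" status, and the function names are constructed for illustration.

```python
import re

# Constructed sample: the first record repeats the output shown above; the
# second is a made-up failing run added to exercise the check.
SAMPLE = """\
* Slot-1 Stack.118 # show upm history detail
UPM Profile: unauth-hostnames
Event: Log-Message(kerberosevents)
Profile Execution start time: 2010-04-07 01:39:23
Profile Execution Finish time: 2010-04-07 01:39:23
Execution Identifier: 3 Execution Status: Pass
UPM Profile: unauth-hostnames
Event: Log-Message(kerberosevents)
Profile Execution start time: 2010-04-07 01:41:10
Profile Execution Finish time: 2010-04-07 01:41:12
Execution Identifier: 4 Execution Status: Fail
"""

FIELD = re.compile(r"^(UPM Profile|Event|Profile Execution start time|"
                   r"Profile Execution Finish time):\s*(.+?)\s*$", re.I)
EXEC = re.compile(r"Execution Identifier:\s*(\d+)\s+Execution Status:\s*(\S+)")
KEYS = {"upm profile": "profile", "event": "event",
        "profile execution start time": "start",
        "profile execution finish time": "finish"}

def parse_history_detail(text):
    """Return one dict per execution record found in the CLI output."""
    records, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            key = KEYS[m.group(1).lower()]
            if key == "profile":        # "UPM Profile:" opens a new record
                cur = {"profile": m.group(2)}
                records.append(cur)
            elif cur is not None:
                cur[key] = m.group(2)
            continue
        m = EXEC.search(line)           # identifier and status share one line
        if m and cur is not None:
            cur["id"], cur["status"] = int(m.group(1)), m.group(2)
    return records

def needs_review(records, profile="unauth-hostnames"):
    """Execution ids of the profile whose status is missing or not Pass."""
    return [r.get("id") for r in records
            if r["profile"] == profile and r.get("status") != "Pass"]
```

A record cut off before its status line is reported with an id of None rather than being silently treated as a pass.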
© 2010 Extreme Networks, Inc. All rights reserved. Identity Aware Network—Page 65