EPS Quarantine and EPS UnQuarantine
Verification
This test verifies that the third-party system can execute a quarantine (network disconnect) action on an endpoint on the network, and that it can then unquarantine the endpoint by its MAC address.
Definition
The pxGrid client registers to an authorized EPS session group and subscribes to the ISE-published EndPointProtection service capability, quarantines the authenticated device by its IP address, and unquarantines the authenticated device by its MAC address.
Example
The client, user1, registers to the authorized EPS group and subscribes to the EndpointProtectionService capability. DynAuthListener is used to simulate Change of Authorization (CoA) and to perform the quarantine/unquarantine mitigation actions. The eps_quarantine script quarantines user1's endpoint by its IP address, and the eps_unquarantine script unquarantines the endpoint by its MAC address. Note that the pxGrid client has subscribed to the EndpointProtection Service Capability.
- Run the multigroupclient script:
./multigroupclient.sh -a 192.168.1.23 -u SIM02 -k alpha.jks -p cisco123 -t alpha_root.jks -q cisco123 -g EPS -d RadiuSimEPS Tests
Results
------- properties -------
version=1.0.2-30-SNAPSHOT
hostnames=192.168.1.23
username=SIM02
group=Session,ANC,EPS
description=RadiuSimEPS
keystoreFilename=alpha.jks
keystorePassword=cisco123
truststoreFilename=alpha_root.jks
truststorePassword=cisco123
--------------------------
13:54:57.950 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Started
Connecting...
Connected
13:54:59.800 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected
Create ANC Policy: ANC1438538097569 Result - com.cisco.pxgrid.model.anc.ANCResult@612fc6eb[
ancStatus=SUCCESS
ancFailure=<null>
failureDescription=<null>
ancEndpoints=<null>
ancpolicies=<null>
]
Session 1.1.1.2 not found
Connection closed
13:55:00.434 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Stopped
- Select Administration > pxGrid Services
- Run DynAuthListener on the PC.
java -cp RadiusSimulator.jar DynAuthListener
The results:
- Select Administration > pxGrid Services
- Run the eps_quarantine script:
./eps_quarantine.sh -a 192.168.1.23 -u SIM02 -k alpha.jks -p cisco123 -t alpha_root.jks -q cisco123
------- properties -------
version=1.0.2-30-SNAPSHOT
hostnames=192.168.1.23
username=SIM02
group=EPS
description=null
keystoreFilename=alpha.jks
keystorePassword=cisco123
truststoreFilename=alpha_root.jks
truststorePassword=cisco123
--------------------------
14:04:41.263 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Started
Connecting...
Connected
14:04:42.619 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected
IP address (or <enter> to disconnect): 192.168.1.100
IP address (or <enter> to disconnect):
- The quarantine event is received by DynAuthListener.

- Open another command window on the PC, and run the RADIUS Simulator to authenticate user1.

- The quarantine event is received by DynAuthListener.

- Select Operations > RADIUS Livelog.
Note: The user has been quarantined.

- Run the eps_unquarantine script:
./eps_unquarantine.sh -a 192.168.1.23 -u SIM02 -k alpha.jks -p cisco123 -t alpha_root.jks -q cisco123
------- properties -------
version=1.0.2-30-SNAPSHOT
hostnames=192.168.1.23
username=SIM02
group=EPS
description=null
keystoreFilename=alpha.jks
keystorePassword=cisco123
truststoreFilename=alpha_root.jks
truststorePassword=cisco123
--------------------------
14:24:07.282 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Started
Connecting...
Connected
14:24:10.852 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected
MAC address (or <enter> to disconnect): 11:11:11:11:11:11
MAC address (or <enter> to disconnect):
- Run the RADIUS Simulator to authenticate user1.

- The unquarantine event is received by DynAuthListener.

- Select Operations > RADIUS Livelog.

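When this test is automated, the script output above is what gets archived as evidence. The following is an added helper, not part of the Cisco pxGrid samples, that checks one client run (group membership, connection, and the IP or MAC entered at the prompt) and masks the keystore/truststore passwords that the scripts echo in clear text in their properties block. The sample log is constructed here in the same format as the eps_quarantine output shown on this page.

```python
import re

# Constructed sample in the format the eps_quarantine script prints (values from
# the page, not captured from a live ISE deployment).
SAMPLE_LOG = """\
------- properties -------
username=SIM02
group=EPS
keystoreFilename=alpha.jks
keystorePassword=cisco123
truststoreFilename=alpha_root.jks
truststorePassword=cisco123
--------------------------
14:04:41.263 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Started
14:04:42.619 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected
IP address (or <enter> to disconnect): 192.168.1.100
IP address (or <enter> to disconnect):
"""

SECRET_KEYS = ("keystorePassword", "truststorePassword")
# Matches a non-empty quarantine (IP) or unquarantine (MAC) prompt line.
PROMPT_RE = re.compile(r"^(IP|MAC) address \(or <enter> to disconnect\): (\S+)$", re.M)


def parse_properties(log):
    """Return the key=value lines between the two dashed rules as a dict."""
    props, inside = {}, False
    for line in log.splitlines():
        if line.startswith("------- properties"):
            inside = True
        elif line.startswith("-----"):  # closing rule
            inside = False
        elif inside and "=" in line:
            key, value = line.split("=", 1)
            props[key] = value
    return props


def redact(log):
    """Mask keystore/truststore passwords before the log is shared or archived."""
    for key in SECRET_KEYS:
        log = re.sub(rf"^{key}=.*$", f"{key}=<redacted>", log, flags=re.M)
    return log


def check_run(log, required_group="EPS"):
    """Summarise one client run: group membership, connection state, and targets."""
    groups = parse_properties(log).get("group", "").split(",")
    return {
        "in_group": required_group in groups,
        "connected": "ReconnectionManager - Connected" in log,
        "targets": PROMPT_RE.findall(log),  # list of (kind, value) tuples
    }
```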