3Com WX2200 3CRWX220095A Switch User Manual


 
552 CHAPTER 24: CONFIGURING SODA ENDPOINT SECURITY FOR A WX SWITCH
To reset the failure page to the default value, use the following
command:
clear service-profile name soda failure-page
The page refers to a file on the WX switch. After this page is loaded, the
specified remediation ACL takes effect, or if there is no remediation ACL
configured, then the client is disconnected from the network.
For example, the following command specifies failure.html, which is a file
in the root directory on the WX switch, as the page to load when a client
fails the SODA agent checks:
WX1200# set service-profile sp1 soda failure-page
failure.html
success: change accepted.
The following command specifies failure.html, in the soda-files directory
on the WX switch, as the page to load when a client fails the SODA agent
checks:
WX1200# set service-profile sp1 soda failure-page
soda-files/failure.html
success: change accepted.
Specifying a
Remediation ACL
If the SODA agent checks fail on a client, by default the client is
disconnected from the network. Optionally, you can specify a failure page
for the client to load (with the set service-profile soda failure-page
command, described above). You can optionally specify a remediation
ACL to apply to the client when the failure page is loaded. The
remediation ACL can be used to grant the client limited access to
network resources, for example:
To specify a remediation ACL to be applied to a client if it fails the checks
performed by the SODA agent, use the following command:
set service-profile name soda remediation-acl acl-name
To disable use of the remediation ACL for the service profile, use the
following command:
clear service-profile name soda remediation-acl
The acl-name refers to an existing security ACL. If there is no remediation
ACL configured for the service profile, then the client is disconnected
from the network when the failure page is loaded.