–>> The access switch sends an SNMP trap to CounterACT, which is now aware of a new MAC address online and the port to which it is connected.
–>> The endpoint communicates through the network and the access switch sees its traffic.
–>> CounterACT monitors mirrored DHCP traffic from the access switch via IP-Helper and sees the endpoint’s IP address.
–>> CounterACT profiles the endpoint’s IP address to determine what it is and begins policy evaluation to ascertain ownership and compliance.
–>> Simultaneously, CounterACT queries the relevant ARP table residing on the same or a separate network device using Expedite IP Discovery, mapping the known MAC address and switch port to the IP address that is being profiled.
–>> CounterACT places a control action on the switch port, provided the endpoint falls within an active control policy.

CounterACT first detects a new endpoint connecting to the network, and then determines the device type (classification). Next, the clarification policy stage determines whether the device is owned by the organization, in which case it is passed on to compliance assessment and remediation (or IT staff notification) if necessary. Guest and BYOD devices are checked for registration credentials and either connected to a limited-access subnet or blocked (denied access).
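
The correlation steps and the policy stages described above can be modelled as a join on MAC address followed by a decision function. The following is an added example, not CounterACT code: the record fields, the `correlate` and `decide` helpers, and the action names are hypothetical, and ownership, compliance and registration are assumed to be supplied as precomputed sets.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Endpoint:
    mac: str
    switch: str
    port: str
    ip: Optional[str] = None
    ip_source: Optional[str] = None  # "dhcp" or "arp"

def norm_mac(mac: str) -> str:
    """Normalize AA:BB.., aa-bb.. and aabb.ccdd.eeff to lowercase colon form."""
    h = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(h) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(h[i:i + 2] for i in range(0, 12, 2))

def correlate(traps, dhcp, arp):
    """Join trap (MAC, port), DHCP (MAC, IP) and ARP (MAC, IP) records by MAC."""
    eps = {}
    for t in traps:
        m = norm_mac(t["mac"])
        eps[m] = Endpoint(m, t["switch"], t["port"])
    for source, rows in (("dhcp", dhcp), ("arp", arp)):
        for r in rows:
            ep = eps.get(norm_mac(r["mac"]))
            if ep and ep.ip is None:  # trap-seen endpoints only; first source wins
                ep.ip, ep.ip_source = r["ip"], source
    return eps

def decide(ep, owned, compliant, registered):
    """Clarification (ownership), then compliance or guest/BYOD registration."""
    if ep.ip is None:
        return "pending"  # no IP mapped yet, so nothing to profile
    if ep.mac in owned:
        return "allow" if ep.mac in compliant else "remediate"
    return "limited-access" if ep.mac in registered else "block"

# Constructed sample records (not real captures); note the mixed MAC formats.
TRAPS = [{"mac": "00:11:22:AA:BB:01", "switch": "sw1", "port": "Gi1/0/5"},
         {"mac": "0011.22aa.bb02", "switch": "sw1", "port": "Gi1/0/6"},
         {"mac": "00-11-22-aa-bb-03", "switch": "sw1", "port": "Gi1/0/7"}]
DHCP = [{"mac": "00:11:22:aa:bb:01", "ip": "10.0.0.21"}]
ARP = [{"mac": "0011.22AA.BB02", "ip": "10.0.0.22"},
       {"mac": "00:11:22:aa:bb:01", "ip": "10.0.0.21"}]
```

The second sample endpoint never appears in DHCP traffic, so its IP address is only recovered from the ARP table; the third has no IP mapping at all and stays pending.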