# Adaptive Network Control (ANC)

## Overview

ANC (Adaptive Network Control) allows real-time network enforcement actions:

- Quarantine - Isolate compromised endpoints
- Port Bounce - Force re-authentication
- Shutdown - Disable port completely
## Commands

| Command | Description |
|---|---|
| `netapi ise get-anc-policies` | List available ANC policies |
| `netapi ise get-anc-endpoints` | List endpoints with ANC applied |
| `netapi ise anc-apply` | Apply ANC policy to endpoint |
| `netapi ise anc-clear` | Remove ANC policy from endpoint |
### List ANC Policies

```bash
netapi ise get-anc-policies
netapi ise get-anc-policies --size 50 --page 2
```

#### Options

```text
--size, -s INTEGER   Results per page (default: 100)
--page, -p INTEGER   Page number (default: 1)
```
### List Endpoints with ANC

```bash
netapi ise get-anc-endpoints
netapi ise get-anc-endpoints --size 50 --page 2
```

#### Options

```text
--size, -s INTEGER   Results per page (default: 100)
--page, -p INTEGER   Page number (default: 1)
```
### Apply ANC Policy

```bash
# Quarantine an endpoint
netapi ise anc-apply C8:5B:76:C6:59:62 Quarantine

# Shut down port
netapi ise anc-apply 00:11:22:33:44:55 Shut_Down

# Port bounce (force reauth)
netapi ise anc-apply AA:BB:CC:DD:EE:FF Port_Bounce
```
### Clear ANC Policy

```bash
# Remove quarantine
netapi ise anc-clear C8:5B:76:C6:59:62

# Clear any ANC from endpoint
netapi ise anc-clear 00:11:22:33:44:55
```
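The wrapper below is an added example, not part of the netapi documentation or the netapi project. It normalises the MAC address, accepts only the three policy names listed on this page, and records the ticket and operator with each action, so a mistyped address or policy fails before ISE is contacted and the audit log never records an action that did not succeed. It assumes the `netapi` CLI is on PATH, overridable through a hypothetical `NETAPI_CMD` variable (set it to `echo` for a dry run), and writes to a hypothetical `ANC_AUDIT_LOG` path.

```bash
#!/bin/bash
# Added example (not part of the netapi docs): a guarded wrapper around
# "netapi ise anc-apply" / "netapi ise anc-clear".
# Assumed knobs: NETAPI_CMD (default "netapi"; set to "echo" for a dry run)
# and ANC_AUDIT_LOG (default /var/log/ir-actions.log).

# Normalise a MAC written as aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or
# aabb.ccdd.eeff to the upper-case colon form used in the examples above.
# Returns 1 (prints nothing) for anything that is not 12 hex digits.
normalize_mac() {
  local hex
  hex=$(printf '%s' "$1" | tr -d ':.-' | tr 'a-f' 'A-F')
  printf '%s' "$hex" | grep -Eq '^[0-9A-F]{12}$' || return 1
  printf '%s' "$hex" | sed -E 's/^(..)(..)(..)(..)(..)(..)$/\1:\2:\3:\4:\5:\6/'
}

# Accept only the policy names documented on this page. The names actually
# configured in ISE are whatever "netapi ise get-anc-policies" returns, so
# extend this list to match that output.
valid_policy() {
  case "$1" in
    Quarantine|Port_Bounce|Shut_Down) return 0 ;;
    *) return 1 ;;
  esac
}

# anc_action MAC POLICY [TICKET]
# POLICY is one of the names above, or "clear" to remove any ANC policy.
# Validation happens before ISE is contacted; the audit line is written only
# after the CLI call succeeds, so the log never claims an action that failed.
anc_action() {
  local mac policy ticket log
  mac=$(normalize_mac "$1") || { echo "invalid MAC address: $1" >&2; return 2; }
  policy="$2"
  ticket="${3:-no-ticket}"
  log="${ANC_AUDIT_LOG:-/var/log/ir-actions.log}"
  if [ "$policy" = clear ]; then
    set -- "${NETAPI_CMD:-netapi}" ise anc-clear "$mac"
  else
    valid_policy "$policy" || { echo "unknown ANC policy: $policy" >&2; return 2; }
    set -- "${NETAPI_CMD:-netapi}" ise anc-apply "$mac" "$policy"
  fi
  "$@" || return $?
  printf '%s %s %s ticket=%s by=%s\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$mac" "$policy" "$ticket" "$(id -un)" >> "$log"
}

# Run as a script: anc-wrap.sh <MAC> <POLICY|clear> [TICKET]
if [ "$#" -gt 0 ]; then
  anc_action "$@"
fi
```

Run it as `NETAPI_CMD=echo ./anc-wrap.sh c8-5b-76-c6-59-62 Quarantine INC-1234` to see exactly which `netapi` command would be issued without touching ISE; drop `NETAPI_CMD` for the real call. Because the policy allow-list is a plain `case` statement, keeping it in sync with `get-anc-policies` output is a one-line change.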
## Use Cases

### Incident Response Quarantine

```bash
#!/bin/bash
# Quarantine a compromised endpoint and record the action against a ticket.
# Usage: quarantine.sh <MAC> <TICKET>
set -euo pipefail
if [ "$#" -ne 2 ]; then
  echo "usage: $0 <MAC> <TICKET>" >&2
  exit 1
fi
MAC="$1"
TICKET="$2"
echo "Quarantining $MAC for incident $TICKET"
# set -e aborts here if the ANC call fails, so a failed action is never logged as done
netapi ise anc-apply "$MAC" Quarantine
# Log the action
echo "$(date) - Quarantined $MAC - Ticket: $TICKET" >> /var/log/ir-actions.log
```
## Common ANC Policies

| Policy | Action | Use Case |
|---|---|---|
| `Quarantine` | Apply quarantine dACL | Incident response isolation |
| `Port_Bounce` | CoA port bounce | Force re-authentication |
| `Shut_Down` | Disable switch port | Critical threat containment |
## Related Commands

- `mnt session` - Get session details before quarantine
- `get-endpoint` - Verify endpoint details