Patents by Inventor Anthony P. Grossi
Anthony P. Grossi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10972470
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the device connecting to a port on the switch. The threat management server determines the endpoint device is present in a device log file. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period and the number of times the endpoint device has passed authentication is less than a second threshold value within a second time period. The threat management server determines the endpoint device does not have a lease for the port on the switch and sends a reroute command to the switch to transform the destination of traffic associated with the endpoint device to a safe zone.
Type: Grant
Filed: October 28, 2019
Date of Patent: April 6, 2021
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10805295
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server determines the endpoint device is present in a blacklist based on the device identifier in response to receiving the device identifier. The threat management server determines the endpoint device is blocked from one or more second ports on the switch. The threat management server blocks the endpoint device from accessing the network via the first port on the switch in response to determining the endpoint device is blocked from the one or more other ports on the switch.
Type: Grant
Filed: November 4, 2019
Date of Patent: October 13, 2020
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10609064
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device and a port identifier identifying a port on the switch to a threat management server in response to the device passing authentication. The threat management server determines the endpoint device has a block on the port of the switch using the device identifier and the port identifier. The threat management server determines a block timeout period for the endpoint device and the port on the switch has expired. The threat management server removes the block for the endpoint device on the port on the switch in response to determining the block timeout period for the endpoint device and the port on the switch has expired.
Type: Grant
Filed: July 6, 2017
Date of Patent: March 31, 2020
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Publication number: 20200067921
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server determines the endpoint device is present in a blacklist based on the device identifier in response to receiving the device identifier. The threat management server determines the endpoint device is blocked from one or more second ports on the switch. The threat management server blocks the endpoint device from accessing the network via the first port on the switch in response to determining the endpoint device is blocked from the one or more other ports on the switch.
Type: Application
Filed: November 4, 2019
Publication date: February 27, 2020
Inventors: Rahul Isola, Anthony P. Grossi
-
Publication number: 20200059473
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the device connecting to a port on the switch. The threat management server determines the endpoint device is present in a device log file. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period and the number of times the endpoint device has passed authentication is less than a second threshold value within a second time period. The threat management server determines the endpoint device does not have a lease for the port on the switch and sends a reroute command to the switch to transform the destination of traffic associated with the endpoint device to a safe zone.
Type: Application
Filed: October 28, 2019
Publication date: February 20, 2020
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10567433
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device and a port identifier identifying a port on the switch to a threat management server in response to the device passing authentication. The threat management server determines the endpoint device is present in the black list using the device identifier. The threat management server determines the endpoint device has a block on the port of the switch using the port identifier. The threat management server removes the block for the endpoint device on the port on the switch in response to determining the endpoint device has the block on the port of the switch.
Type: Grant
Filed: July 6, 2017
Date of Patent: February 18, 2020
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10567379
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server determines the endpoint device is present in a blacklist based on the device identifier in response to receiving the device identifier. The threat management server determines the endpoint device is blocked from one or more second ports on the switch. The threat management server blocks the endpoint device from accessing the network via the first port on the switch in response to determining the endpoint device is blocked from the one or more other ports on the switch.
Type: Grant
Filed: June 26, 2017
Date of Patent: February 18, 2020
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10484380
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server identifies the endpoint device for removal in response to receiving the device identifier. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period. The threat management server blocks the endpoint device from accessing the network via the port on the switch in response to identifying the endpoint device for removal.
Type: Grant
Filed: June 26, 2017
Date of Patent: November 19, 2019
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10462134
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server determines the endpoint device is present in the device log file using the device identifier. The threat management server determines the number of times the device has failed authentication exceeds a first threshold value within a first time period and determines the number of times the device has passed authentication is less than a second threshold value within a second time period. The threat management engine determines the device does not have a lease for the port on the switch and blocks the device from accessing the network via the port on the switch in response to identifying the device for removal.
Type: Grant
Filed: June 26, 2017
Date of Patent: October 29, 2019
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10462147
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the device connecting to a port on the switch. The threat management server determines the endpoint device is present in a device log file. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period and the number of times the endpoint device has passed authentication is less than a second threshold value within a second time period. The threat management server determines the endpoint device does not have a lease for the port on the switch and sends a reroute command to the switch to transform the destination of traffic associated with the endpoint device to a safe zone.
Type: Grant
Filed: June 26, 2017
Date of Patent: October 29, 2019
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10382444
Abstract: A device blocking tool includes a user interface, a location engine, and a connection engine. The user interface receives at least one of a MAC address of a device and an IP address of the device. The location engine communicates a query to an access control server, receives a response, and determines, based on the response, that the device connected to a network through a wired connection. In response to a determination that the device connected through the wired connection, the location engine determines a switch through which the device connected. The location engine also determines a VLAN through which the device connected and determines, based on a type associated with the VLAN, that the device is an IP telephone. The connection engine connects to the determined switch in response to the determination that the device connected through the wired connection.
Type: Grant
Filed: May 23, 2016
Date of Patent: August 13, 2019
Assignee: Bank of America Corporation
Inventors: Rahul G. Isola, Anthony P. Grossi, Patrick M. Sweet
-
Patent number: 10277602
Abstract: A wireless device blocking tool includes a user interface, a location engine, and a connection engine. The user interface receives at least one of a MAC address and an IP address of a device. The location engine communicates a query to an access control server, receives a response from the access control server, and determines, based on the response, whether the device connected to a network through a wireless connection or a wired connection. If the device connected through the wireless connection, the location engine determines a WLC through which the device connected and if the device connected through the wired connection, the location engine determines a switch through which the device connected. The connection engine connects to the determined WLC if the device connected through the wireless connection and connects to the determined switch if the device connected through the wired connection.
Type: Grant
Filed: May 23, 2016
Date of Patent: April 30, 2019
Assignee: Bank of America Corporation
Inventors: Rahul G. Isola, Anthony P. Grossi, Patrick M. Sweet
-
Patent number: 10225279
Abstract: A wireless device blocking tool includes a user interface, a location engine, a retrieval engine, and an update engine. The user interface receives at least one of a MAC address of a device and an IP address of the device. The location engine communicates a query to an access control server, receives a response from the access control server in response to communicating the query, and determines, based on the response, that the device connected to a network through a wireless connection. The location engine also determines a WLC through which the device connected. The retrieval engine retrieves, from the WLC, an access control list. The update engine disconnects the device from the VLAN and reconnects the device through a second VLAN.
Type: Grant
Filed: May 23, 2016
Date of Patent: March 5, 2019
Assignee: Bank of America Corporation
Inventors: Rahul G. Isola, Anthony P. Grossi, Patrick M. Sweet
-
Publication number: 20190014140
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device and a port identifier identifying a port on the switch to a threat management server in response to the device passing authentication. The threat management server determines the endpoint device has a block on the port of the switch using the device identifier and the port identifier. The threat management server determines a block timeout period for the endpoint device and the port on the switch has expired. The threat management server removes the block for the endpoint device on the port on the switch in response to determining the block timeout period for the endpoint device and the port on the switch has expired.
Type: Application
Filed: July 6, 2017
Publication date: January 10, 2019
Inventors: Rahul Isola, Anthony P. Grossi
-
Publication number: 20190014150
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device and a port identifier identifying a port on the switch to a threat management server in response to the device passing authentication. The threat management server determines the endpoint device is present in the black list using the device identifier. The threat management server determines the endpoint device has a block on the port of the switch using the port identifier. The threat management server removes the block for the endpoint device on the port on the switch in response to determining the endpoint device has the block on the port of the switch.
Type: Application
Filed: July 6, 2017
Publication date: January 10, 2019
Inventors: Rahul Isola, Anthony P. Grossi
-
Publication number: 20180375867
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server identifies the endpoint device for removal in response to receiving the device identifier. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period. The threat management server blocks the endpoint device from accessing the network via the port on the switch in response to identifying the endpoint device for removal.
Type: Application
Filed: June 26, 2017
Publication date: December 27, 2018
Inventors: Rahul Isola, Anthony P. Grossi
-
Publication number: 20180375862
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server determines the endpoint device is present in a blacklist based on the device identifier in response to receiving the device identifier. The threat management server determines the endpoint device is blocked from one or more second ports on the switch. The threat management server blocks the endpoint device from accessing the network via the first port on the switch in response to determining the endpoint device is blocked from the one or more other ports on the switch.
Type: Application
Filed: June 26, 2017
Publication date: December 27, 2018
Inventors: Rahul Isola, Anthony P. Grossi
-
Publication number: 20180375861
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server determines the endpoint device is present in the device log file using the device identifier. The threat management server determines the number of times the device has failed authentication exceeds a first threshold value within a first time period and determines the number of times the device has passed authentication is less than a second threshold value within a second time period. The threat management engine determines the device does not have a lease for the port on the switch and blocks the device from accessing the network via the port on the switch in response to identifying the device for removal.
Type: Application
Filed: June 26, 2017
Publication date: December 27, 2018
Inventors: Rahul Isola, Anthony P. Grossi
-
Publication number: 20180375873
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the device connecting to a port on the switch. The threat management server determines the endpoint device is present in a device log file. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period and the number of times the endpoint device has passed authentication is less than a second threshold value within a second time period. The threat management server determines the endpoint device does not have a lease for the port on the switch and sends a reroute command to the switch to transform the destination of traffic associated with the endpoint device to a safe zone.
Type: Application
Filed: June 26, 2017
Publication date: December 27, 2018
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10158661
Abstract: A device blocking tool includes a user interface, a location engine, a retrieval engine, and an update engine. The user interface receives at least one of a MAC address and an IP address of a device. The location engine communicates a query to an access control server, receives a response, and determines, based on the response, that the device connected to a network through a wired connection. In response to that determination, the location engine determines a switch through which the device connected. The location engine also determines a number identifying a VLAN through which the device connected and determines that the device is an IP telephone. The retrieval engine retrieves an access control list. The update engine disconnects the device from the VLAN and reconnects the device through a second VLAN.
Type: Grant
Filed: May 23, 2016
Date of Patent: December 18, 2018
Assignee: Bank of America Corporation
Inventors: Rahul G. Isola, Anthony P. Grossi, Patrick M. Sweet