Cisco ASA 5555-X Adaptive Security Appliance Installation Guide

Note
For VMware DVS and Bare Metal (in bridged mode), two attributes (filters) are automatically 
created when an end point is quarantined, one attribute for the IP address and one attribute 
for the MAC address. Therefore, to remove the quarantine, you must delete both attributes.
Step 4
If the quarantine was not successful (no uSeg attributes were created), you can manually 
quarantine the IP address, as described in the next section.
Manually Quarantine an IP Address
If the quarantine was unsuccessful, optionally complete the following steps to manually quarantine the 
IP address.
Step 1
Identify the IP address of the end point that you want to quarantine.
a. On the Analysis tab on the FMC GUI, select the Correlation > Status sub-tab.
b. On the Remediation Status page, find the time stamp of the entry for the unsuccessful quarantine and make note of the source IP address.
c. On the Operations tab, select EP Tracker, enter the IP address, and press Enter.
d. If no information is displayed, the end point cannot be quarantined. If more than one IP address is displayed, look for the one in the offending tenant.
Step 2
If you can identify the EPG of the end point that you want to quarantine, create a uSeg EPG attribute corresponding to this end point.
a. On the Tenants tab of the APIC GUI, use the information from Step 1 to find the EPG and make note of the bridge domain.
b. Expand the EPG and make note of the domain profile name.
c. On the Tenants tab, expand the Application Profiles, and right-click uSeg EPG.
d. Enter a name for the uSeg EPG, in this format: “quarantine-EPG_name_of_the_EP”.
e. Select the bridge domain of the EPG from Step 2a.
f. Add an IP filter attribute by clicking the plus sign on the lower right and entering the IP address for the name and filter.
g. Click Next Step and select the same domain profile from Step 2b.
h. Set the Deployment Immediacy to Immediate.
i. Click Update and then click Finish.
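The settings chosen in Step 2 can be written down as data and checked afterwards. The following is an added example, not part of the Cisco guide: it builds a JSON body for the quarantine uSeg EPG and audits a body against Steps 2d to 2h. Assumptions: the class and attribute names (fvAEPg, fvRsBd, fvCrtrn, fvIpAttr, fvRsDomAtt, instrImedcy) come from the APIC object model and do not appear in the guide, the name format is read as "quarantine-" followed by the EPG name, and all sample values are constructed.

```python
import ipaddress

def build_quarantine_useg_epg(epg_name, bridge_domain, domain_dn, ip):
    """Build an APIC-style JSON body for the quarantine uSeg EPG of Step 2."""
    # Accept only a single valid host address; it becomes both name and filter (2f).
    addr = str(ipaddress.ip_address(ip))
    return {"fvAEPg": {
        "attributes": {"name": f"quarantine-{epg_name}",   # 2d (assumed reading)
                       "isAttrBasedEPg": "yes"},            # marks a uSeg EPG
        "children": [
            {"fvRsBd": {"attributes": {"tnFvBDName": bridge_domain}}},       # 2e
            {"fvCrtrn": {"attributes": {"name": "default"}, "children": [
                {"fvIpAttr": {"attributes": {"name": addr, "ip": addr}}}]}},  # 2f
            {"fvRsDomAtt": {"attributes": {"tDn": domain_dn,                 # 2g
                                           "instrImedcy": "immediate"}}},   # 2h
        ]}}

def audit_quarantine_epg(body, epg_name, bridge_domain, domain_dn, ip):
    """Return the Step 2 settings that a uSeg EPG body gets wrong (empty if none)."""
    epg = body.get("fvAEPg", {})
    kids = {}
    for child in epg.get("children", []):
        for cls, obj in child.items():
            kids[cls] = obj
    attrs = epg.get("attributes", {})
    ip_attrs = [c["fvIpAttr"]["attributes"]
                for c in kids.get("fvCrtrn", {}).get("children", [])
                if "fvIpAttr" in c]
    bd = kids.get("fvRsBd", {}).get("attributes", {})
    dom = kids.get("fvRsDomAtt", {}).get("attributes", {})
    checks = {
        "2d name": attrs.get("name") == f"quarantine-{epg_name}",
        "2e bridge domain": bd.get("tnFvBDName") == bridge_domain,
        "2f IP filter": any(a.get("ip") == ip and a.get("name") == ip
                            for a in ip_attrs),
        "2g domain profile": dom.get("tDn") == domain_dn,
        "2h deployment immediacy": dom.get("instrImedcy") == "immediate",
    }
    return [step for step, ok in checks.items() if not ok]

# Constructed sample values, not taken from the guide.
SAMPLE_ARGS = ("web-epg", "bd-web", "uni/vmmp-VMware/dom-EXAMPLE-DVS", "192.0.2.15")
SAMPLE = build_quarantine_useg_epg(*SAMPLE_ARGS)
```

An empty list from `audit_quarantine_epg` means every setting from Steps 2d to 2h matches; any returned label names the sub-step to recheck in the APIC GUI.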