Configuring Switch Port Control 
===============================

Configuring Switch Port Control by Enforcement Policies or manual action
starts with the configuration of SNMP, which will provide the information and
access necessary for port blocking. For basic switch setup, see:
:doc:`../../monitoring/switch/browsing-switches`.

Enable Switch Port Control on Enforcement Policy
------------------------------------------------

The target of the switch port control is determined by the Enforcement Policy.
If you want to control switch ports for specific nodes, you need to create an
enforcement policy that targets those nodes and then configure the switch port
blocking setting.

#. Click **Policy** in the top panel
#. Go to **Policy > Enforcement Policy** in the left panel
#. Click desired **ID** for enabling switch port blocking

Under **Enforcement Options > Switchport Control**

#. For **Control Port with SNMP**, select **None**, **Shutdown**, or **VLAN**
#. For **SNMP Write Community**, enter default write community string, or an
   SNMPv3 user and password(s). If this setting is empty, will use switch's own
   setting.
#. Configure Specific options:
   
   - For **Port Shutdown**: configure the following:

     **Description**: enter text for appending to SwitchPorts existing
     description.

     **MAC Threshold for Disabling**: if a SwitchPort has more than this
     number of MACs associated, it will not blocked.

     **Description for Exception**: If a SwitchPort Description partially
     matches a term entered here, it will not be shut down.
   
   - For **Port VLAN**: Enter the **VLAN ID** to be assigned. 

#. For **MAC Threshold for Disabling**, if a switch port has more than this
   number of MACs, it will not blocked.
#. For **Description**, enter text for appending to switch port's existing
   description.
#. Click **Update**

Switch Port Manual Control
--------------------------

You can manually control **Switch Ports** in the web UI undr **Management > Switch**.

#. Go to **Management > Switch** in the top panel
#. Click on **Port** in the main **Switch Ports** window
#. Configure one or more of the following:

   - **Admin Down**: Check or uncheck the box to change the port link status.
   - **VLAN ID**: Enter a VLAN ID for the port.
#. Click **Send SNMP Command**