Security, WIDS/WIPS and Aruba ECS

Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Blacklisting using wildcards?

Can you "Blacklist" using wildcards?
Aruba Employee
Posts: 455
Registered: ‎04-02-2007

Re: Blacklisting using wildcards?

No, and you probably don't want to given you could easily catch a lot of folks you didn't mean to in the blacklist. What is it you're trying to do?

-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Re: Blacklisting using wildcards?

I have the luxury of controlling what devices are purchased for use on our network so the likeliness of "Blacklisting" a valid device is not a problem.

I have students bringing Nintendo DS systems, iPods and other wireless devices that keep trying to attach to my wireless network, hence the wish for a means of using wildcards to Blacklist these little hackers en masse. :D
Aruba Employee
Posts: 455
Registered: ‎04-02-2007

Re: Blacklisting using wildcards?

You could do this by using a AAA derivation rule to move them into a blacklist role. What you would need to do is match the first part of the MAC, something like:

aaa derivation-rules user "aaa-blacklist"
  set role condition macaddr starts-with "00:11:22" set-value "blacklist" position 1


You would need to create the blacklist policy and role:

ip access-list session "blacklist"
  any any any deny blacklist queue low
!
user-role "blacklist"
  access-list session "blacklist" position 1
!


That should get done what you're trying to do, but as always be sure to test it first in your lab.

Since you have control, any chance you could just deploy EAP-TLS or leverage MAC auth to keep these other systems off the network?

-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
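
Before a starts-with rule like the one in the post above goes onto a controller, the prefix can be checked offline against the approved-device inventory, which is the collateral risk raised in the first reply. This is an added example, not part of the thread and not Aruba code; the function names and every MAC address are constructed, and "00:11:22" is the placeholder prefix from the post.

```python
import re

def normalize(mac):
    """Return a MAC as lowercase colon-separated hex; ValueError if malformed."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set: no vendor OUI."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def dry_run(prefixes, approved, observed):
    """Show what starts-with rules for `prefixes` would do to known MACs."""
    wanted = [p.lower() for p in prefixes]

    def hit(mac):
        return any(normalize(mac).startswith(p) for p in wanted)

    missed = sorted(normalize(m) for m in observed if not hit(m))
    return {
        # approved devices the rule would move into the blacklist role
        "collateral": sorted(normalize(m) for m in approved if hit(m)),
        # unapproved devices the rule matches
        "caught": sorted(normalize(m) for m in observed if hit(m)),
        # unapproved devices the rule does not match
        "missed": missed,
        # subset of missed with software-assigned addresses, which a
        # vendor-prefix rule does not cover
        "missed_no_oui": [m for m in missed if is_locally_administered(m)],
    }

# Constructed sample data: inventory export and MACs seen on the WLAN.
PREFIXES = ["00:11:22"]
APPROVED = ["00:11:22:AA:BB:01", "00-33-44-00-00-10"]
OBSERVED = ["00:11:22:10:20:30", "0011.2233.4455",
            "02:11:22:10:20:30", "00:55:66:01:02:03"]

if __name__ == "__main__":
    for bucket, macs in dry_run(PREFIXES, APPROVED, OBSERVED).items():
        print(f"{bucket:14} {macs}")
```

A non-empty "collateral" bucket means the prefix is too broad for the current inventory; a large "missed" bucket is the case where the EAP-TLS or MAC auth approach asked about in the post fits better than prefix rules.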
Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Re: Blacklisting using wildcards?

Thanks Andy, I'll give that a try.