Security, WIDS/WIPS and Aruba ECS

Regular Contributor II

Using the OUI in stateful firewall policy

I want to only allow devices with a certain OUI to access a specific host. Under Policies, can I use OUI as host or will I need to make an alias that says the OUI?
Aruba Employee

Re: Using the OUI in stateful firewall policy

John,

You can create an ACL that allows on a specific OUI, but the issue I see is that you can't layer MAC ACLs and IP ACLs. You can create the MAC ACL with:

ip access-list mac test
permit 0f:12:33:00:00:00 11:11:11:00:00:00

That will create an ACL called test that allows the OUI "0f:12:33". You can add that ACL to the role applied for the users. The problem is that when the MAC matches this ACL (if it is at the top), ALL PACKETS will be allowed. If this ACL is at the bottom of the role, if any of the session ACLs match, the MAC ACL will not be evaluated (first match rule).

Is this a general use SSID, or can you limit who can connect by MAC address? That way, you could still apply IP ACLs and permit/deny the right traffic.
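
The ordering problem described in the reply above, as an added example that is not part of the original thread and is not ArubaOS code: a simplified Python model of first-match evaluation inside a role. The function names, MAC addresses and IP addresses are constructed for illustration, the OUI match is modelled as a comparison of the first three octets, and fall-through on a non-matching MAC is an assumption of the model.

```python
# Simplified model of first-match ACL evaluation in a role (illustration only).
from ipaddress import ip_address

OUI = "0f:12:33"                    # OUI from the thread
SERVER = ip_address("10.0.0.10")    # constructed: the one server the pumps need
OTHER = ip_address("10.0.0.99")     # constructed: any other host
PUMP, LAPTOP = "0F:12:33:AA:BB:CC", "00:11:22:33:44:55"  # constructed MACs


def mac_acl(pkt):
    """MAC ACL: permits on source OUI alone; it never looks at the IP header."""
    # Assumption: a non-matching MAC falls through to the next ACL in the role.
    return "permit" if pkt["src_mac"].lower().startswith(OUI) else None


def session_to_server(pkt):
    """Session ACL: permit traffic to SERVER, deny everything else."""
    return "permit" if pkt["dst_ip"] == SERVER else "deny"


def evaluate(role, pkt):
    """Walk the role's ACLs in order; the first ACL that gives a verdict wins."""
    for acl in role:
        verdict = acl(pkt)
        if verdict is not None:
            return verdict, acl.__name__
    return "deny", "implicit"


def decisions(role):
    """Verdict and deciding ACL for each (source, destination) pair."""
    out = {}
    for src_name, mac in (("pump", PUMP), ("laptop", LAPTOP)):
        for dst_name, dst in (("server", SERVER), ("other", OTHER)):
            out[(src_name, dst_name)] = evaluate(role, {"src_mac": mac, "dst_ip": dst})
    return out


if __name__ == "__main__":
    for label, role in (("MAC ACL first", [mac_acl, session_to_server]),
                        ("MAC ACL last", [session_to_server, mac_acl])):
        print(label)
        for pair, result in decisions(role).items():
            print("  ", pair, result)
```

With the MAC ACL first, a pump reaches every host, not just the server; with it last, the session ACL decides every packet, so a non-pump device reaches the server and the OUI is never checked. Neither ordering expresses "this OUI AND this destination".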
Regular Contributor II

Re: Using the OUI in stateful firewall policy

Thanks.
We have about 160 pumps (all start with the same OUI) that connect wirelessly and only need to access one server.