Occasional Contributor II

ClearPass 6.2 static host list management

Hi,

 

We would like to use regular expressions to authenticate hosts on our network.

For example, allow hosts using the vendor part of the MAC address (OUI).

CP.png

 

The problem is that we don't understand how to make regular expressions. We are a little bit lost with . or * !

 

Thank you.

Regards

Re: ClearPass 6.2 static host list management

Use this instead:

 

782BCB*

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Aruba

Re: ClearPass 6.2 static host list management

Thanks Victor, didn't realize you could even use an * for the RegEx field. @bencoolen, if you need some added flexibility, the regular expression you were looking for is the following.

 

78-2b-cb-([0-9A-F]{2}-){2}([0-9A-F]{2})$

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor II

Re: ClearPass 6.2 static host list management

Hello,

 

Thank you for your answer. This is not working. The host I use to perform this test is not recognized and so is not allowed on my network. It sounds good, but do you know if we have to define the role mapping condition differently than for a classic static host list (list of MAC addresses, not regex)?

 

The above condition uses a normal static list. The second one is the regex.

CP2.png

Guru Elite

Re: ClearPass 6.2 static host list management

Why not just do



Client-Mac-Address BEGINS_WITH (oui)

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: ClearPass 6.2 static host list management

Hello,

 

This is what we do right now :) We manage that in the rule mappings.

Using groups allows us to give names (e.g. Xerox printers, Samsung printers for the role: Printers).

 

Thank you

Occasional Contributor II

Re: ClearPass 6.2 static host list management

FYI, the solution:

 

| Regex | Example |
| --- | --- |
| ^00[:-]?30[:-]?[fF]9([:-]?[0-9a-fA-F]{2}){3}$ | 00:30:f9:xx:xx:xx |
| ^78[:-]?2[bB][:-]?[cC][bB][:-]?[dD][0-9a-fA-F]([:-]?[0-9a-fA-F]{2}){2}$ | 78:2b:cb:dx:xx:xx |
| ^78[:-]?2[bB][:-]?[cC][bB][:-]?[dD]5([:-]?[0-9a-fA-F]{2}){2}$ | 78:2b:cb:d5:xx:xx |
| ^78[:-]?2[bB][:-]?[cC][bB][:-]?[dD]5[:-]?[aA][0-9a-fA-F][:-]?([0-9a-fA-F]{2})$ | 78:2b:cb:d5:ax:xx |
| ^78[:-]?2[bB][:-]?[cC][bB][:-]?[dD]5[:-]?[aA][cC][:-]?([0-9a-fA-F]{2})$ | 78:2b:cb:d5:ac:xx |
| ^78[:-]?2[bB][:-]?[cC][bB][:-]?[dD]5[:-]?[aA][cC][:-]?3[0-9a-fA-F]$ | 78:2b:cb:d5:ac:3f |

MVP

Re: ClearPass 6.2 static host list management

The suggestion to just use '*' above was close, it should have been '.*'

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
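
The difference between `782BCB*`, `782BCB.*` and the anchored patterns from the solution post can be checked offline before a pattern goes into a static host list. This is an added example, not code from any poster in the thread. It uses Python's `re` module as a stand-in for the ClearPass regex engine (an assumption; these patterns only use constructs common to mainstream engines). The thread does not say whether ClearPass matches the whole string or any substring, so both are shown, and the sample MAC addresses are constructed.

```python
import re

# Patterns quoted from the thread.
PATTERNS = {
    "glob_style": r"782BCB*",   # first reply: as a regex, '*' only repeats the final 'B'
    "dot_star": r"782BCB.*",    # correction given in the last reply
    # solution post, row "78:2b:cb:dx:xx:xx"
    "anchored": r"^78[:-]?2[bB][:-]?[cC][bB][:-]?[dD][0-9a-fA-F]([:-]?[0-9a-fA-F]{2}){2}$",
}

# Constructed sample MAC addresses (not taken from the thread).
SAMPLES = [
    "782BCBD5AC3F",       # target prefix, no delimiters, upper case
    "78:2b:cb:d5:ac:3f",  # same address, colon-delimited, lower case
    "78-2B-CB-D5-AC-3F",  # same address, hyphen-delimited
    "782BC0112233",       # different prefix 78:2B:C0
    "AA782BCBD5AC",       # 782BCB present, but not at the start
]


def verdicts(pattern, mac):
    """Return (whole_string, substring) match results for one MAC."""
    rx = re.compile(pattern)
    return rx.fullmatch(mac) is not None, rx.search(mac) is not None


def accepted(pattern, whole_string=True):
    """List the sample MACs a pattern admits under the given match semantics."""
    idx = 0 if whole_string else 1
    return [mac for mac in SAMPLES if verdicts(pattern, mac)[idx]]


if __name__ == "__main__":
    for name, pattern in PATTERNS.items():
        print(name, pattern)
        print("  whole string:", accepted(pattern, True))
        print("  substring   :", accepted(pattern, False))
```

Only the anchored pattern gives the same answer under both semantics and in all three delimiter styles; the unanchored ones either admit nothing or also admit addresses from outside the intended prefix.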