How to change ip access-list session any any svc-dhcp permit to specific IP

  • 1.  How to change ip access-list session any any svc-dhcp permit to specific IP

    Posted Sep 10, 2013 12:00 AM

    Hi,

    I have an Aruba controller, MODEL: Aruba800, Version 5.0.4.2, and I have a question.
    How do I change the command ip access-list session A "any any svc-dhcp permit" to a specific IP?

    for example, is:
    "172.16.32.0 network 10.0.0.0 network 255.0.0.0 255.255.255.0 svc-dhcp permit"
    because if I try the example command above, the user does not get an IP from the DHCP server and its status is Limited Connection,
    but if I enter "any any svc-dhcp permit" everything runs well.

    Please help.

    Thank you.



  • 2.  RE: How to change ip access-list session any any svc-dhcp permit to specific IP

    Posted Sep 10, 2013 12:09 AM

    At the time a client requests an IP, they don't have one, thus the "any" as source. If you put in your source of a specific network it will fail since the user is not on a network yet. What are you trying to accomplish by changing this?

    Typical setups include the following DHCP-related rules:


    user any udp 68 deny (to deny a client from being a DHCP server)

    any any svc-dhcp permit (to allow all clients to request and get IPs)
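The behaviour described in the reply above, as an added example that is not part of the original thread: a small first-match ACL model evaluated against constructed DHCP packets. It assumes svc-dhcp covers UDP destination ports 67-68, reads the question's rule as source 172.16.32.0/24 and destination 10.0.0.0/8, and models the `user` alias as any source because every packet evaluated here is sent by the client.

```python
import ipaddress

DHCP_PORTS = (67, 68)  # assumption: svc-dhcp = UDP destination ports 67-68


def rule(src, dst, ports, action):
    """One session-ACL entry: source net, destination net, UDP dst ports, action."""
    return (ipaddress.ip_network(src), ipaddress.ip_network(dst), ports, action)


def evaluate(acl, src_ip, dst_ip, dst_port):
    """First matching rule wins; traffic matching no rule is implicitly denied."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, ports, action in acl:
        if src in src_net and dst in dst_net and dst_port in ports:
            return action
    return "deny"


# The two rules from the reply ("user" modelled as any source, see lead-in).
TYPICAL = [
    rule("0.0.0.0/0", "0.0.0.0/0", (68,), "deny"),         # user any udp 68 deny
    rule("0.0.0.0/0", "0.0.0.0/0", DHCP_PORTS, "permit"),  # any any svc-dhcp permit
]

# The rule from the question, under the assumed reading of its masks.
RESTRICTED = [rule("172.16.32.0/24", "10.0.0.0/8", DHCP_PORTS, "permit")]

# Constructed client-originated packets: (source IP, destination IP, UDP dst port).
DISCOVER = ("0.0.0.0", "255.255.255.255", 67)         # client has no address yet
RENEW = ("172.16.32.5", "10.0.0.10", 67)              # unicast renewal of a lease
ROGUE_OFFER = ("172.16.32.5", "255.255.255.255", 68)  # client acting as a server


def summary():
    """Verdict of each ACL for each constructed packet."""
    packets = {"discover": DISCOVER, "renew": RENEW, "rogue_offer": ROGUE_OFFER}
    return {
        name: {"typical": evaluate(TYPICAL, *pkt),
               "restricted": evaluate(RESTRICTED, *pkt)}
        for name, pkt in packets.items()
    }


if __name__ == "__main__":
    for name, verdicts in summary().items():
        print(f"{name:12} {verdicts}")
```

The restricted rule only matches once the client already holds an address in 172.16.32.0/24, so the initial broadcast DISCOVER from 0.0.0.0 falls through to the implicit deny and the client never gets a lease.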