Security

Reply
Super Contributor I
Posts: 307
Registered: ‎02-07-2013

Using static list in role Generation

Hi
I've got a static list of MAC addresses in cppm and I'd like to set up a role based up on whether the client Mac addres is in the static list
I've set up a role mapping
If connection:client-Mac-address-colon belongs-to allowed_xp_machines <assign this role>
But the policy mapping never gets hit

What am I doing wrong?
Rgds
Alexia
Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Using static list in role Generation

Try:
Connection:Client-Mac-Address BELONGS_TO_GROUP

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Using static list in role Generation

Instead of using the role mapping apply it using it in the enforcement policy:
Connection>Client MAC address > Belongs to group >SHL group
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Super Contributor I
Posts: 307
Registered: ‎02-07-2013

Re: Using static list in role Generation

We've actually found another way of doing this thanks, but  our mac addresses are upper-case hex pair delim by "-". Given that the static host list entries are lower case hex pairs delim by ":", does some magic happen behind the scenes?

 

A

Search Airheads
Showing results for 
Search instead for 
Did you mean: