Aruba ClearPass Workshop - Wired #4 - Dynamic Access List (dACL)

In this video, we extend our wired deployment to push Dynamic Access Lists (dACLs). This adds a layer of security that is applied at the switch port level.

To get the ArubaOS Switch Access Security Guide, search the web for its name: ArubaOS Switch Access Security Guide 16.03
In the guide, search for "ACE Syntax" to find the proper ACL syntax.

The ACLs used in the video are listed in the following notes:

ws_dACL_untrusted
Description: Deny access to internal servers
1. Radius:IETF NAS-Filter-Rule =
permit in udp from any to any 53,67
deny in ip from any to 10.1.254.0/24
permit in ip from any to any

ws_dACL_voice
Radius:IETF NAS-Filter-Rule = 
permit in udp from any to any 53,67
permit in ip from any to 10.1.254.26
permit in ip from any to 10.1.254.28
deny in ip from any to any

ws_dACL_internal_only
Description: Deny access to internal servers
1. Radius:IETF NAS-Filter-Rule =
permit in udp from any to any 53,67
permit in ip from any to 10.1.254.0/24
deny in ip from any to any
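
The rule sets above can be checked offline before they are assigned to a port. The following Python sketch is an added example, not part of the original post or of ClearPass: it parses the ACE lines as listed (with the final voice rule written as "deny in ip from any to any") and applies them top to bottom, first match wins. The implicit deny when nothing matches, the function names and the probe addresses are assumptions made for the example.

```python
import ipaddress

# Rule sets copied from the notes above; the final voice rule is written
# here as "deny in ip from any to any".
DACLS = {
    "ws_dACL_untrusted": [
        "permit in udp from any to any 53,67",
        "deny in ip from any to 10.1.254.0/24",
        "permit in ip from any to any",
    ],
    "ws_dACL_voice": [
        "permit in udp from any to any 53,67",
        "permit in ip from any to 10.1.254.26",
        "permit in ip from any to 10.1.254.28",
        "deny in ip from any to any",
    ],
    "ws_dACL_internal_only": [
        "permit in udp from any to any 53,67",
        "permit in ip from any to 10.1.254.0/24",
        "deny in ip from any to any",
    ],
}

def parse_ace(line):
    """Parse '<action> in <proto> from any to <dst> [port,port]'; reject anything else."""
    tok = line.split()
    if len(tok) not in (7, 8) or tok[1] != "in" or tok[3:6] != ["from", "any", "to"]:
        raise ValueError(f"unsupported ACE: {line!r}")
    dst = None if tok[6] == "any" else ipaddress.ip_network(tok[6])
    ports = {int(p) for p in tok[7].split(",")} if len(tok) == 8 else None
    return tok[0], tok[2], dst, ports

def evaluate(rules, proto, dst_ip, dst_port=None):
    """Return the action of the first matching ACE (assumed implicit deny if none match)."""
    addr = ipaddress.ip_address(dst_ip)
    for line in rules:
        action, ace_proto, dst, ports = parse_ace(line)
        if (ace_proto in ("ip", proto) and (dst is None or addr in dst)
                and (ports is None or dst_port in ports)):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed probes: an internal server and a documentation-range external host.
    for name, rules in DACLS.items():
        for probe in [("tcp", "10.1.254.10", 443), ("udp", "10.1.254.10", 53),
                      ("tcp", "192.0.2.10", 443)]:
            print(name, probe, evaluate(rules, *probe))
```

Because the UDP 53,67 rule comes first in every profile, DNS and DHCP traffic to the 10.1.254.0/24 servers is still permitted under ws_dACL_untrusted; only the remaining IP traffic to that subnet is denied.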

This video is part of the Aruba ClearPass Workshop series.

Last update: 07-18-2017 11:21 AM