Security

 View Only

  • 1.  Device in Policy Manager IP address with/without mask , which is valid?

    Posted Feb 13, 2025 04:28 PM

    I added these 2 device via API:


    Both are the same IP, which one would CP consider the ip 99.99.99.99 belong to? Is it correct that we can add these to Devices even though the IP is the same? Aren't these conflicting with one another?




  • 2.  RE: Device in Policy Manager IP address with/without mask , which is valid?

    Posted Feb 13, 2025 05:13 PM

    Depends on how the matching happens exactly, but I suspect the IP address alone will be matched prior to the address with mask.  You're attributing too much intelligence to the field validation during the device save.  I would say that there is zero expectation that a person would normally be entering a host entry with CIDR.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------

    Original Message


  • 3.  RE: Device in Policy Manager IP address with/without mask , which is valid?

    Posted 30 days ago

    I don't know how ClearPass 6.11 and 6.12 handles the CIDR format with a /32. But at least in older versions of ClearPass, don't remember exact version but 6.7-6.9 somewhere, I have noticed that the CIDR format with /32 doesn't work at all.

    An IP address entered in a CIDR /32 format wasn't found. Any other CIDR format did work and the IP address did work fine.

    But as mentioned I haven't tested in 6.11 or newer versions.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------

    Original Message


Related Content