Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

How do I wildcard the third octet of a subnet?

  • 1.  How do I wildcard the third octet of a subnet?

    Posted 13 days ago
    I need to allow access to the default gateway for 40 subnets, but I want to restrict access to the rest of the subnet. Is it possible to write a firewall rule that would let me wildcard the third octet of the subnet? For example, I want it to be 192.168.xxx.1 where x is any subnet.


  • 2.  RE: How do I wildcard the third octet of a subnet?

    EMPLOYEE
    Posted 12 days ago
    Maybe what you want can be accomplished in a different way. The way you describe it would involve a lot of work to accomplish. What product are you using and what are you trying to block/allow in detail?

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 3.  RE: How do I wildcard the third octet of a subnet?

    Posted 9 days ago
    Basically I have an SSID that I'm using for an internal service. I have 45 sites I need to deploy this SSID to. Each site has a private subnet of 192.168.xxx.0/24 where xxx is the site id. So I'd like to be able to allow 192.168.xxx.1 for each of the 45 subnets but block access to the rest of the 192.168.xxx.0/24 subnets. Basically restrict most access internally but allow for internet access.


  • 4.  RE: How do I wildcard the third octet of a subnet?

    EMPLOYEE
    Posted 9 days ago
    Assuming 192.168.x.1 is the default gateway, you should allow traffic to internal services via protocol first, and then block all traffic to 192.168.0.0:

    user any permit service svc-dns <dns server ip>
    user any deny network 192.168.0.0 255.255.0.0
    any any any permit

    The default gateway (.1) is not the destination of any traffic so you can safely just block the whole subnet.  I don't know what product you are using, so the syntax above might not be correct, but you get the idea, hopefully.

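
Added example, not part of the thread and not Aruba code: a small Python model of the first-match rule order from the last reply, run over constructed flows to show that internet-bound traffic still passes while every 192.168.x.x destination (the .1 gateway address included) is denied. Assumptions: `svc-dns` is modelled as UDP/53, `DNS_SERVER` is a constructed placeholder, and the non-contiguous mask 255.255.0.255 in `is_site_gateway` only illustrates what a third-octet wildcard means; the thread does not say whether the poster's product accepts such masks.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def masked_match(addr, base, mask):
    """True when addr equals base on every bit set in mask (mask may be non-contiguous)."""
    return ip(addr) & ip(mask) == ip(base) & ip(mask)

# Rules modelled on the reply above: (action, dest base, dest mask, protocol, port).
# None means "any". DNS_SERVER is a constructed placeholder address.
DNS_SERVER = "192.168.10.53"
RULES = [
    ("permit", DNS_SERVER, "255.255.255.255", "udp", 53),  # assumed meaning of svc-dns
    ("deny", "192.168.0.0", "255.255.0.0", None, None),
    ("permit", "0.0.0.0", "0.0.0.0", None, None),
]

def evaluate(dst, proto, port, rules=RULES):
    """First matching rule wins; a flow that matches nothing is denied."""
    for action, base, mask, r_proto, r_port in rules:
        if r_proto is not None and r_proto != proto:
            continue
        if r_port is not None and r_port != port:
            continue
        if masked_match(dst, base, mask):
            return action
    return "deny"

def is_site_gateway(addr):
    """192.168.<any>.1 written as mask 255.255.0.255 (third octet ignored)."""
    return masked_match(addr, "192.168.0.1", "255.255.0.255")

if __name__ == "__main__":
    # Constructed sample flows: (destination IP, protocol, port).
    flows = [
        ("192.168.10.53", "udp", 53),   # DNS to the permitted server
        ("192.168.45.20", "tcp", 445),  # host inside a site subnet
        ("192.168.45.1", "tcp", 443),   # gateway's own address as destination
        ("203.0.113.10", "tcp", 443),   # internet host, forwarded via the gateway
    ]
    for dst, proto, port in flows:
        print(f"{dst:15} {proto}/{port:<5} -> {evaluate(dst, proto, port)}")
    print(is_site_gateway("192.168.45.1"), is_site_gateway("192.168.45.2"))
```

The internet flow is permitted because the rule matches on the packet's destination IP, which is the remote host and not the gateway that forwards it.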