Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

How do I wildcard the third octet of a subnet?

  • 1.  How do I wildcard the third octet of a subnet?

    Posted Jun 17, 2022 05:18 PM
    I need to allow access to the default gateway for 40 subnets, but I want to restrict access to the rest of the subnet. Is it possible to write a firewall rule that would let me wildcard the third octet of the subnet? For example I want it to be 192.168.xxx.1 where x is any subnet.


  • 2.  RE: How do I wildcard the third octet of a subnet?

    EMPLOYEE
    Posted Jun 18, 2022 07:28 AM
    Maybe what you want can be accomplished in a different way.  The way you describe it would involve a lot of work to accomplish.  What product are you using and what are you trying to block/allow in detail?

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 3.  RE: How do I wildcard the third octet of a subnet?

    Posted Jun 21, 2022 08:42 AM
    Basically I have an SSID that I'm using for an internal service. I have 45 sites I need to deploy this SSID to. Each site has a private subnet of 192.168.xxx.0/24 where xxx is the site id. So I'd like to be able to allow 192.168.xxx.1 for each of the 45 subnets but block access to the rest of the 192.168.xxx.0/24 subnets. Basically restrict most access internally but allow for internet access.


  • 4.  RE: How do I wildcard the third octet of a subnet?

    EMPLOYEE
    Posted Jun 21, 2022 08:55 AM
    Assuming 192.168.x.1 is the default gateway, you should allow traffic to internal services via protocol first, and then block all traffic to 192.168.0.0:

    user any permit service svc-dns <dns server ip>
    user any deny network 192.168.0.0 255.255.0.0
    any any any permit

    The default gateway (.1) is not the destination of any traffic so you can safely just block the whole subnet.  I don't know what product you are using, so the syntax above might not be correct, but you get the idea, hopefully.




  • 5.  RE: How do I wildcard the third octet of a subnet?

    EMPLOYEE
    Posted 18 days ago
    In theory, 192.168.0.1 with mask 255.255.0.255 would match every .1 in 192.168.0-192.168.255. It's just very uncommon to have subnet masks that don't have the 0-bits at the end, but it may work depending on the device and if the configuration is accepted.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
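
The non-contiguous mask from reply 5, worked through as an added example (not part of any post in this thread and not device syntax). It assumes the usual match test, destination AND mask equals base AND mask, with the first matching rule winning; the rule list and function names are hypothetical, and whether a given firewall accepts such a mask has to be checked on the device itself.

```python
import ipaddress

def to_int(addr):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def mask_match(dst, base, mask):
    """True when dst equals base on every bit set in mask.

    The mask may be non-contiguous; ipaddress.IPv4Network would reject
    255.255.0.255, so the comparison is done on plain integers.
    """
    m = to_int(mask)
    return (to_int(dst) & m) == (to_int(base) & m)

def is_contiguous(mask):
    """True for a conventional mask (all 1-bits first, then all 0-bits)."""
    inv = ~to_int(mask) & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0

# Constructed rule list for illustration; evaluated top-down, first match wins.
RULES = [
    ("permit", "192.168.0.1", "255.255.0.255"),  # every 192.168.x.1
    ("deny",   "192.168.0.0", "255.255.0.0"),    # rest of 192.168.0.0/16
    ("permit", "0.0.0.0",     "0.0.0.0"),        # everything else
]

def evaluate(dst, rules=RULES):
    """Return the action of the first rule whose base/mask matches dst."""
    for action, base, mask in rules:
        if mask_match(dst, base, mask):
            return action
    return "deny"  # implicit deny when no rule matches

if __name__ == "__main__":
    # Constructed sample destinations
    for dst in ["192.168.17.1", "192.168.17.20", "192.168.255.1",
                "192.168.1.101", "8.8.8.8"]:
        print(f"{dst:15} -> {evaluate(dst)}")
    for _, _, mask in RULES:
        print(f"{mask:15} contiguous: {is_contiguous(mask)}")
```

Swapping the first two rules makes every 192.168.x.1 destination fall into the deny, so rule order matters as much as the mask.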