  • 1.  is regex different in Static Host Groups?

    Posted Oct 30, 2024 07:36 AM

    Hello, I want to build a condition with Regex that gets triggered by a defined Vendor-MAC.

    My current Regex solution is something like this: ^6C-C4-9F((-[0-9]|-[A-F])([0-9]|[A-F])){3}

    The problem is that when I put this expression in a static host group it doesn't work, but when I put it in the condition directly it does.

    Is Regex in a static host group different from regular Regex, and if yes, how? If not, does anyone have an idea why the static host group doesn't work as a value for such a condition?



    ------------------------------
    Nicht_Gut
    ------------------------------


  • 2.  RE: is regex different in Static Host Groups?

    Posted Oct 30, 2024 09:57 AM

    The device group RegEx is looking at IP addresses, not MAC addresses.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: is regex different in Static Host Groups?

    Posted Oct 30, 2024 10:45 AM

    I am not using the device groups; I use the Static Host Lists (Configuration>Identity>Static Host Lists), which one can configure as IP or MAC.



    ------------------------------
    Nicht_Gut
    ------------------------------



  • 4.  RE: is regex different in Static Host Groups?

    Posted Oct 30, 2024 10:57 AM

    Your initial description wasn't entirely clear.

    Notice the difference in the example, no usage of ^ or $.

    But, why bother with an SHL if you can accomplish the exact same outcome without the SHL?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: is regex different in Static Host Groups?

    Posted Oct 31, 2024 02:19 AM

    So there is a difference between Regex for IP addresses and Regex for MAC addresses in SHL? Do you by chance know if that is documented somewhere?

    I am experimenting and thought that SHL names would be easier to understand than a Regex.


    ------------------------------
    Nicht_Gut
    ------------------------------



  • 6.  RE: is regex different in Static Host Groups?

    Posted Oct 31, 2024 10:18 AM

    I've never implemented an SHL so no idea.  The documented behavior would be in the User Guide if that exists.

    Use a role mapping to assign a role based on your MAC address test...or just rely on the existing mapping that ClearPass already does to assign the vendor based on the OUI.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 7.  RE: is regex different in Static Host Groups?

    Posted Oct 31, 2024 07:17 AM

    I would not use a static host list for this.  Why not just reference the regex directly within policy?  Static host lists are a legacy ClearPass feature and should no longer be used.




  • 8.  RE: is regex different in Static Host Groups?

    Posted Oct 31, 2024 06:03 PM

    You can use your reg-ex in Role mapping which then you can reference in your enforcement policy. See below



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------
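
Added example, not written by any poster in this thread and not ClearPass code: it runs the pattern from the first post, and an unanchored equivalent as hinted at in the fourth post, against constructed MAC strings to show how anchoring and MAC notation change what matches. Python's `re` module stands in for the product's regex engine, which the thread does not identify; the sample MACs and the helper names `classify`, `normalize` and `vendor_match` are assumptions made for illustration.

```python
import re

# Pattern exactly as posted in the first message (anchored at the start only).
POSTED = r"^6C-C4-9F((-[0-9]|-[A-F])([0-9]|[A-F])){3}"
# Equivalent, shorter form without ^ or $ (the fourth post notes the
# static host list example uses neither anchor).
UNANCHORED = r"6C-C4-9F(-[0-9A-F]{2}){3}"

# Constructed sample values, not taken from any real device.
SAMPLES = [
    "6C-C4-9F-12-AB-34",     # upper-case, hyphenated
    "6c-c4-9f-12-ab-34",     # lower-case
    "6C:C4:9F:12:AB:34",     # colon separated
    "6CC49F12AB34",          # no separators
    "00-6C-C4-9F-12-AB-34",  # OUI bytes not at the start
    "6C-C4-9F-12-AB-34-FF",  # trailing extra octet
]

def classify(value):
    """Return how each pattern treats value under three matching modes."""
    return {
        "posted_search": re.search(POSTED, value) is not None,
        "unanchored_search": re.search(UNANCHORED, value) is not None,
        "unanchored_full": re.fullmatch(UNANCHORED, value) is not None,
    }

def normalize(mac):
    """Canonicalise a MAC to upper-case hyphenated form, or None if invalid."""
    digits = re.sub(r"[-:.]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        return None
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def vendor_match(mac):
    """Format-tolerant check: normalise first, then require a full match."""
    canon = normalize(mac)
    return canon is not None and re.fullmatch(UNANCHORED, canon) is not None

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:22} {classify(s)} vendor_match={vendor_match(s)}")
```

Whether a rule behaves like `search` or `fullmatch` decides whether the unanchored form also accepts strings that merely contain the OUI, so test a policy with the negative samples as well as the positive one.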