Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Lock down dhcp on wired ports and block access for range of IPs

  • 1.  Lock down dhcp on wired ports and block access for range of IPs

    Posted Nov 17, 2011 11:26 AM

    Have a controller that is sitting on a network for public guest access. It must sit on this network because there is a route back to a remote office for management purposes. My dilemma comes in two parts, which I'm pretty sure can be solved via f/w policies; I just need to know the right ones.

     

    First, I need to block access to the Controller and AMP server that are sitting on this network and limit them to only a couple IPs that are allowed to access them.

     

    Second, I need to block dhcp requests for anything plugged into the wired ports on the switch that is connected to the controller.



  • 2.  RE: Lock down dhcp on wired ports and block access for range of IPs

    Posted Nov 17, 2011 03:41 PM

    First - you need to create an ACL that allows the required ports/protocols for management (http, https, tcp/4343, SSH, SNMP, etc.) from the management IPs. Once you have the ACL defined, add it to the physical (gig 1/0, for instance) port on the controller that attaches to your network. This won't help AMP, though. You will have to add ACLs to some other device to protect it.

     

    Second, do you need the ports up? Can you just shut them down in the config? If not, you will have to create an ACL that denies DHCP and then permits everything else and apply it to those ports.
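
The two ACLs described in the reply above, sketched as ArubaOS session-ACL configuration. This is an added example, not configuration posted by anyone in the thread. Assumptions: the controller is 192.0.2.2, the permitted management stations are 192.0.2.10 and 192.0.2.11 (constructed documentation addresses), the names mgmt-hosts, controller-mgmt and block-dhcp are hypothetical, and gig 1/1 stands in for a wired port that must stay up.

```text
! Constructed addresses and hypothetical names throughout; adjust to your network.
! Management stations that may reach the controller
netdestination mgmt-hosts
  host 192.0.2.10
  host 192.0.2.11
!
! Rules are evaluated top-down, first match wins.
! 1) permit the management services from the management stations
! 2) deny those same services to the controller from everyone else
! 3) permit all other traffic so guest forwarding is unaffected
ip access-list session controller-mgmt
  alias mgmt-hosts host 192.0.2.2 svc-http permit
  alias mgmt-hosts host 192.0.2.2 svc-https permit
  alias mgmt-hosts host 192.0.2.2 tcp 4343 permit
  alias mgmt-hosts host 192.0.2.2 svc-ssh permit
  alias mgmt-hosts host 192.0.2.2 svc-snmp permit
  any host 192.0.2.2 svc-http deny
  any host 192.0.2.2 svc-https deny
  any host 192.0.2.2 tcp 4343 deny
  any host 192.0.2.2 svc-ssh deny
  any host 192.0.2.2 svc-snmp deny
  any any any permit
!
! Uplink port that attaches the controller to the guest network
interface gigabitethernet 1/0
  ip access-group controller-mgmt session
!
! Deny DHCP first, then permit everything else
ip access-list session block-dhcp
  any any svc-dhcp deny
  any any any permit
!
! Wired port that has to stay up (repeat for each such port)
interface gigabitethernet 1/1
  ip access-group block-dhcp session
```

The deny rules name only the management services, so other traffic addressed to the controller is left alone. As the reply notes, none of this protects the AMP server, which needs its own filtering on another device.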