Security

 View Only
  • 1.  Static host lists

    Posted Jan 30, 2023 11:28 AM
    hello Airheads,
    does anyone know if you can use wildcards in static host lists (for MAC addresses)
    the fist 3 bytes are common to all clients.
    cheers
    Pete

    p.s. it's just a stop gap for the customer they realise it's not ideal long term !!


  • 2.  RE: Static host lists

    Posted Jan 30, 2023 12:06 PM

    Could you tell us tecnology are you thinking apply that on? Is it for Wireless, Instant / AOS, is it for switches? Maybe a Clearpass config?

     

    Regards,

    Jorge






  • 3.  RE: Static host lists

    Posted Jan 30, 2023 12:11 PM
    apologies Jorge i forgot to mention.
    They are doing "wired NAC" for thin clients (non-windows devices) and while they are working out how to enable EAP-TLS on these clients they want to get the clients onto the networks via a MAC auth process.Does that help ?
    pete


  • 4.  RE: Static host lists
    Best Answer

    Posted Jan 30, 2023 12:22 PM
    Why not use profiling instead?


  • 5.  RE: Static host lists

    Posted Jan 30, 2023 12:44 PM
    Thanks,
    that's got to be the best idea.
    i wouldn't need to specify an authentication source.
    Just profile " if connection MAC address begins with 00-12-34" then allow.
    cheers
    pete


  • 6.  RE: Static host lists

    Posted Jan 30, 2023 04:35 PM
    check this video for how to do profiling with clearpass
    https://www.youtube.com/watch?v=sgGaHiFpGjc

    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------