Security

last person joined: 9 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Using static list in role Generation

This thread has been viewed 0 times

  • 1.  Using static list in role Generation

    Posted Dec 08, 2015 07:01 AM
    Hi
    I've got a static list of MAC addresses in cppm and I'd like to set up a role based up on whether the client Mac addres is in the static list
    I've set up a role mapping
    If connection:client-Mac-address-colon belongs-to allowed_xp_machines <assign this role>
    But the policy mapping never gets hit

    What am I doing wrong?
    Rgds
    Alexia


  • 2.  RE: Using static list in role Generation

    EMPLOYEE
    Posted Dec 08, 2015 07:04 AM
    Try:
    Connection:Client-Mac-Address BELONGS_TO_GROUP

    Sent from Nine


  • 3.  RE: Using static list in role Generation

    Posted Dec 08, 2015 07:44 AM

    We've actually found another way of doing this thanks, but  our mac addresses are upper-case hex pair delim by "-". Given that the static host list entries are lower case hex pairs delim by ":", does some magic happen behind the scenes?

     

    A



  • 4.  RE: Using static list in role Generation

    Posted Dec 08, 2015 07:05 AM
    Instead of using the role mapping apply it using it in the enforcement policy:
    Connection>Client MAC address > Belongs to group >SHL group