In this video, we add the pushing of Dynamic Access Lists to our wired deployment. This gives us additional security that is applied at the switch port level.
To get the ArubaOS Switch Access Security Guide, just google for the name: ArubaOS Switch Access Security Guide 16.03. Search for "ACE Syntax" to get the proper ACL syntax.
The ACLs used are listed in the following notes:
ws_dACL_untrusted
Description: Deny access to internal servers
1. Radius:IETF NAS-Filter-Rule =
   permit in udp from any to any 53,67
   deny in ip from any to 10.1.254.0/24
   permit in ip from any to any

ws_dACL_voice
Radius:IETF NAS-Filter-Rule =
   permit in udp from any to any 53,67
   permit in ip from any to 10.1.254.26
   permit in ip from any to 10.1.254.28
   deny in ip from any to any

ws_dACL_internal_only
Description: Deny access to internal servers
1. Radius:IETF NAS-Filter-Rule =
   permit in udp from any to any 53,67
   permit in ip from any to 10.1.254.0/24
   deny in ip from any to any
This video is part of the Aruba ClearPass Workshop series.
© Copyright 2024 Hewlett Packard Enterprise Development LP All Rights Reserved.