Security

 View Only
last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Adding NAS ip range on a service in clearpass

This thread has been viewed 16 times

  • 1.  Adding NAS ip range on a service in clearpass

    Posted 27 days ago

    Hi

    Does the it work with using  Name NAS-IP-ADDRESS Operator > BEGINS_WITH  "192.168.1.10" and another one with "ENDS_WITH "192.168.1.100"

    Will it match with app ips between 10 and 100 then?




  • 2.  RE: Adding NAS ip range on a service in clearpass

    Posted 27 days ago

    No, BEGIN_WITH will compare the beginning of the string, so BEGINS_WITH 192.168.1. will work. But include everything from 192.168.1.0 to 192.168.1.255.

    You may be able to write a REGEX and use Equals instead. But I don't know the syntax for such regex you need.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------

    Original Message


  • 3.  RE: Adding NAS ip range on a service in clearpass

    Posted 27 days ago

    Regex seems to be a good use here yes.

    Seems like i can use NAS-IP-Address and operator as MATCHES_REGEX and then an regex value like : 192\.168\.1\.(1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9]|6[0-9]|7[0-9]|8[0-9]|9[0-9]|100)



    Original Message


  • 4.  RE: Adding NAS ip range on a service in clearpass

    EMPLOYEE
    Posted 27 days ago

    Just create a network device group and use NAD-IP-Address BELONGS_TO_GROUP.  Way easier to maintain and much easier to read.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------

    Original Message


  • 5.  RE: Adding NAS ip range on a service in clearpass

    EMPLOYEE
    Posted 26 days ago

    using regex, i think this will do it. 

    ^192\.168\.1\.([1-9]\d|100)$



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------

    Original Message