Security

  • 1.  Blacklist and whitelist rule

    Posted Apr 29, 2019 04:43 AM
    Hello, I have a customer setup for wired LAN.

    What they want is to put a whitelist and blacklist rule based on MAC address on top.

    So irrespective of whether a laptop/desktop tries to authenticate via EAP-TLS or captive portal, it will directly hit this rule. If blacklist, block it, and if whitelist, allow it.

    Is it possible? Because if the wired dot1x rule is below this rule and the laptop is trying dot1x first, it will never hit the top rule. The requirement here is to have a kind of global rule for emergencies to blacklist and whitelist MAC addresses irrespective of authentication method.

    Is it doable?


  • 2.  RE: Blacklist and whitelist rule

    Posted Apr 29, 2019 05:01 AM
    Why do you want this? By default 802.1x is leading in this.
    If you want specific clients to be blocked, I suggest you use a rule within ClearPass to block this.

    It's also possible to change the authentication order and/or priority within the Aruba switches, but in most cases it's not needed to change this. I would suggest you create a workflow within ClearPass for this.