NimbostratusClient Side Checks: MAC Address Filtering
I am trying to efficiently apply client side, mac address checking.
Initially, I created an vpe: start -> machine info with a mac address listed. This only works part of the time, and allows all mobile devices (like Android).Ideally, I need to be able to have a group of mac addresses per "department" I then attempted to use a vpe that selects machine info, then goes to an iRule Event that points to a iRule datagroup:
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "chkmac" } { set mac [ACCESS::session data get "session.machine_info.last.net_adapter.list.[0].mac_address" ] if { [class match $mac equals macDG] } { ACCESS::session data set "session.logon.custom.chkmac" 1 } else { ACCESS::session data set "session.logon.custom.chkmac" 0 } } }
within the iRuleEvent, I have this branch: expr { [mcget {session.logon.custom.chkmac}] == 1 }
Unfortunately, this just hits the fallback, rather than going to a logon page, AD Auth, etc to resources.
If there is anyway to make this work, that would be critical to our environment. Sadly, I'm not an iRule expert. We are on Version 11.6.0build 6.179.442
Here are some screenshots of my attempts. The overview shows my "Android" Bypass on top, and the iRule event below, Message box showing that everything always goes to "fallback".
