How to whitelist a mac address in netscaler

[Eyad Wardani]

Hi,

I was able to white list IPv4 addresses in NetScaler using the following expression in UI:

CLIENT.IP.SRC.TYPECAST_TEXT_T.CONTAINS_ANY("Whitelist").NOT

 

But I cannot get it to work based on the MAC address using the following expression in UI:

CLIENT.ETHER.SRCMAC.TYPECAST_TEXT_T.CONTAINS_ANY("Whitelist_MAC").NOT

 

Please note that the "Whitelist_MAC" will contain the allowed MAC addresses in the data set.

 

Thanks for your help in advance.

[CarlStalhood]

Are the client machines and the NetScaler on the same Layer 2 subnet? If not, then the client MAC will be the router MAC.

[Eyad Wardani]

Oh no, the client machines and the NetScaler are not on the same Layer 2 subnet. The client machine is an iPhone. So I used the iPhone MAC address and it didn't work.

[CarlStalhood]

Citrix EPA scans can verify a client device's MAC address. This feature is for AAA or Citrix Gateway. https://docs.netscaler.com/en-us/citrix-gateway/current-release/vpn-user-config/advanced-endpoint-analysis-policies/epa-scan-for-whitelisted-mac-addresses.html

[Paul Blitz]

Of course, whilst EPA can look for a client mac address, EPA won't run on an iPhone ? 

 

Is this for Gateway / AAA, or something else?