Configure IMSI/MAC White Lists

The ike-access-control configuration element defines a white list that filters the IMSI or MAC identities presented by remote endpoints during the authentication process. Only identities that match a literal string or regular expression in the white list are forwarded over the Wm interface to a RADIUS server for authentication.

  1. Access the ike-access-control configuration element.
    ORACLE# configure terminal
    ORACLE(configure)# security
    ORACLE(security)# ike
    ORACLE(ike)# ike-access-control
    ORACLE(ike-access-control)#
  2. name—Provide a unique identifier.
    ORACLE(ike-access-control)# name white_01
  3. state—Enable access control.
  4. identifier—Provide one or more MCC or MCC/MNC match patterns for IMSI-based whitelisting.

    This identifier, a literal string, matches the Russian Federation.

    ORACLE(ike-access-control)# identifier 250

    This identifier, which uses the wildcard symbol (^) signifying any single digit within the range 0 through 9, matches the continental United States.

    ORACLE(ike-access-control)# identifier 31^

    This identifier, a double-quote delimited list of prefixes separated by spaces, matches T-Mobile United States networks.

    ORACLE(ike-access-control)# identifier "26201 26206"

    This identifier, a double-quote delimited list of prefixes separated by spaces, matches Verizon Wireless United States networks.

    ORACLE(ike-access-control)# identifier "310004 310012"

    For MAC-based whitelisting, the following double-quote delimited list identifies three specific MAC addresses.

    ORACLE(ike-access-control)# identifier "0123456789AB 6789912345BF DA2345918290"

    Note: Do not configure an empty white list. Assigning an empty white list to an IKEv2 interface results in authentication failure for all presented identities.
  5. Type done to save your configuration.
  6. If necessary, configure additional ike-access-control configuration elements.
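
The following dry-run checker is an added example, not Oracle code. It models the identifier syntax shown in step 4 so that a white list can be tested against sample identities before it is assigned to an IKEv2 interface. It assumes that IMSI patterns are compared against the leading MCC or MCC/MNC digits of a bare IMSI, that MAC patterns must match the whole address regardless of case, and that a white list can be represented as a Python list of identifier values; the function names and sample identities are constructed for illustration.

```python
import re

def compile_identifier(value):
    """Split one `identifier` value into compiled per-token patterns."""
    patterns = []
    for token in value.strip('"').split():
        # '^' stands for any single digit 0-9; every other character is literal.
        regex = "".join("[0-9]" if ch == "^" else re.escape(ch) for ch in token)
        patterns.append(re.compile(regex, re.IGNORECASE))
    return patterns

def is_allowed(identity, identifiers, kind="imsi"):
    """Return True if the identity matches any pattern in the white list."""
    if kind == "mac":
        identity = re.sub(r"[:.\-]", "", identity)  # accept 01:23:45:... notation
    for value in identifiers:
        for pattern in compile_identifier(value):
            # Assumption: IMSI patterns are leading MCC or MCC/MNC digits,
            # MAC patterns must match the whole address.
            if kind == "mac":
                hit = pattern.fullmatch(identity)
            else:
                hit = pattern.match(identity)
            if hit:
                return True
    return False  # an empty white list ends up here for every identity

# Constructed sample values; the identifier strings are the ones shown above.
IMSI_LIST = ["250", "31^", '"310004 310012"']
MAC_LIST = ['"0123456789AB 6789912345BF DA2345918290"']
SAMPLES = [
    ("250011234567890", IMSI_LIST, "imsi"),
    ("311480123456789", IMSI_LIST, "imsi"),
    ("234151234567890", IMSI_LIST, "imsi"),
    ("01:23:45:67:89:ab", MAC_LIST, "mac"),
    ("0123456789AC", MAC_LIST, "mac"),
    ("250011234567890", [], "imsi"),
]

def dry_run(samples=SAMPLES):
    """Return (identity, allowed) pairs for a set of test identities."""
    return [(ident, is_allowed(ident, wl, kind)) for ident, wl, kind in samples]

if __name__ == "__main__":
    for ident, allowed in dry_run():
        print(f"{ident:20} {'forward to RADIUS' if allowed else 'reject'}")
```

The last sample reproduces the case in the note: with an empty list, an identity that the populated list accepts is rejected.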