forked from iot-onboarding/mudmaker
<!DOCTYPE html><!-- Prism by TEMPLATED templated.co @templatedco Released for free under the Creative Commons Attribution 3.0 license (templated.co/license)--><html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>How Devices Can Emit MUD URLs</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<!--[if lte IE 8]><script src="assets/js/ie/html5shiv.js"></script><![endif]-->
<link rel="stylesheet" href="assets/css/main.css">
<!--[if lte IE 9]><link rel="stylesheet" href="assets/css/ie9.css" /><![endif]-->
</head>
<body>
<!-- Banner -->
<section id="banner"> <div class="inner split"> <section> <h2>How Devices can Emit</h2> <h2>MUD URLs</h2> </section> <section> <p>A tool to build your own MUD files</p> <ul class="actions"> <li><a href="mudmaker.html" class="button special">Go Right to MUD Maker</a></li> </ul> </section> </div> </section>
<section id="two" class="wrapper style2 alt"> <div class="inner"> <div class="content">
<h3>Telling the network what type of device you are: emitting the MUD URL</h3>
<p>Part of the challenge network administrators face is determining what any given device is, that is, classifying the device. The other part of the challenge is linking that classification to a policy. Manufacturer Usage Descriptions (MUD) address both of these challenges. The MUD file explains what sort of policies a device needs. The MUD URL points to that explanation. </p>
<h3>Step 1: Know what MUD URL you are going to assign</h3>
<p>The MUD URL should point to the file server on which your MUD file will reside. You can test that the MUD URL is correct by visiting it in your local browser and confirming that the correct MUD file for your device appears. (This means you must already have placed the MUD file there.) You can even drop the file on box.com or GitHub or similar services.
Wherever you place it, devices using that MUD URL will forever look to that location.</p>
<h3>Step 2: Decide how the local deployment should learn what the MUD URL for your device is.</h3>
<p>There are four ways that deployments can learn of your device's MUD URL:</p>
<table style="width: auto;" border="1"> <tbody>
<tr> <td><strong>LLDP</strong></td> <td>IEEE 802.1AB, or <strong>LLDP</strong>, is a standard that devices can use to periodically emit information about themselves and to learn about similar devices. The MUD standard specifies a MUD field to use. To emit the MUD URL via LLDP in Linux, you can use lldpd's lldpcli command or <a href="lldpmud.sh" title="lldpmud script">this simple script</a> to cause LLDP to emit a given MUD URL. Use LLDP when your device does not support either DHCP or certificate-based authentication.</td> </tr>
<tr> <td><strong>DHCP</strong></td> <td>The MUD standard specifies two new options to emit MUD URLs: option 161 for DHCPv4 and option 112 for DHCPv6.
For Linux-based devices using ISC dhclient, simply modify the dhclient.conf file as follows:<br>
<pre style="margin: 0px 0px 0px 40px;"><font style="font: 14.0px Menlo; font-variant-ligatures: no-common-ligatures; color: #000000" face="Menlo" size="4" color="#000000">option mudurl code 161 = text;<br>send mudurl "https://www.example.com/yourmudfile.json";<br>option dhcp6.mudurl code 112 = text;</font></pre>
<pre style="margin: 0px 0px 0px 40px;"><font style="font: 14.0px Menlo; font-variant-ligatures: no-common-ligatures; color: #000000" face="Menlo" size="4" color="#000000">send dhcp6.mudurl "https://www.example.com/yourmudfile.json";<br></font></pre>
For Linux-based devices using dhcpcd, simply specify the MUD URL as follows:<br>
<pre style="margin: 0px 0px 0px 40px;"><font style="font: 14.0px Menlo; font-variant-ligatures: no-common-ligatures; color: #000000" face="Menlo" size="4" color="#000000">mudurl "https://www.example.com/yourmudfile.json"</font></pre>
</td> </tr>
<tr> <td><strong>Device Certificates</strong></td> <td>If you are already installing IEEE 802.1AR or similar certificates in your device that are suitable for IEEE 802.1X authentication, no configuration changes on the device are necessary. Instead, an additional certificate extension is used, as specified in RFC 8520.</td> </tr>
<tr> <td><strong>Manual Configuration</strong></td> <td>In this case, the device does <strong>not</strong> emit the MUD URL, but you have listed the URL in your documentation. This requires that the administrator import that URL into the MUD manager manually.</td> </tr>
</tbody> </table>
<p><br> </p>
<ul class="actions"> <li><a href="mudmaker.html" class="button alt">Build a mud file</a> <a href="index.html" class="button alt">Back</a></li> </ul>
</div> </div> </section>
<!-- Footer -->
<footer id="footer"> <div class="copyright"> © Untitled. All rights reserved. Images: <a href="http://unsplash.com">Unsplash</a>. Design: <a href="http://templated.co">TEMPLATED</a>.
</div> </footer> <!-- Scripts --> <script src="assets/js/jquery.min.js"></script> <script src="assets/js/skel.min.js"></script> <script src="assets/js/util.js"></script> <!--[if lte IE 8]><script src="assets/js/ie/respond.min.js"></script><![endif]--> <script src="assets/js/main.js"></script> </body></html>
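
The DHCP row above says the MUD URL travels in option 161 (DHCPv4) or option 112 (DHCPv6). The following is an added example, not code from the mudmaker project: it builds both option encodings and shows the receiving side walking a DHCPv4 options field and accepting the URL only if it is a well-formed https URL, the scheme RFC 8520 requires. The function names and the sample options buffer are assumptions made for illustration.

```python
import struct
from urllib.parse import urlsplit

OPT_MUD_V4 = 161  # DHCPv4 option code given on the page
OPT_MUD_V6 = 112  # DHCPv6 option code given on the page
URL = "https://www.example.com/yourmudfile.json"  # placeholder URL from the page

def check_mud_url(url: str) -> str:
    """Accept only an https URL with a host that fits a one-octet length."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an https MUD URL: {url!r}")
    if len(url.encode("ascii")) > 255:
        raise ValueError("MUD URL too long for a DHCPv4 option")
    return url

def encode_v4(url: str) -> bytes:
    """DHCPv4 layout: 1-octet code, 1-octet length, URL bytes."""
    data = check_mud_url(url).encode("ascii")
    return bytes([OPT_MUD_V4, len(data)]) + data

def encode_v6(url: str) -> bytes:
    """DHCPv6 layout: 2-octet code, 2-octet length, URL bytes."""
    data = check_mud_url(url).encode("ascii")
    return struct.pack("!HH", OPT_MUD_V6, len(data)) + data

def find_mud_url_v4(options: bytes):
    """Walk a DHCPv4 options field; return the validated MUD URL or None."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length octet
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option length runs past the buffer")
        if code == OPT_MUD_V4:
            return check_mud_url(value.decode("ascii"))
        i += 2 + length
    return None

# Constructed sample: subnet mask (option 1), MUD URL (option 161), End.
SAMPLE = bytes([1, 4, 255, 255, 255, 0]) + encode_v4(URL) + b"\xff"
```

Calling `find_mud_url_v4(SAMPLE)` returns the URL; a value that is not https, not ASCII, or whose length octet overruns the buffer raises `ValueError` instead of being passed on to a MUD manager.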