ArubaOS and Controllers

Occasional Contributor II

Controller Management Security

In another thread I came across the following statement:




I was wondering if anyone knows how to turn OFF management for all IPs except one? In most network environments you only want to manage your network equipment from one IP or allow management from a range of IPs to that specific network device. Most other network vendors have the concept of an Access Control List for Management. Is this something that Aruba has thought about? Thanks.

Occasional Contributor II

Re: Controller Management Security

Our (admittedly cumbersome) solution was to define every IP of every controller in a netdestination called "MGMT-IPs", then create an ACL restricting access to it, and apply that ACL to every user-role and every physical interface on the controller.

I'd very much like to see a "management" interface we can set an ACL on, like Cisco's vty's.
Occasional Contributor II

Re: Controller Management Security

I have come across the same solution but I agree that this is a must-add feature and second your request.
Aruba Employee

Re: Controller Management Security

I was just reviewing my security logs and came across ssh brute force attempts on a new vlan IP.

We had defined an ACL for mswitch but that points to the loopback and nothing else.

I third the request for an alias to all controller IPs or the ability to restrict management to a single IP.
MVP

Rfe 1007

We (OSU) submitted an RFE for service ACLs, which would be similar to your Linux "hosts.allow" files. Essentially, it'd be nice to simply say to what networks SSH/HTTPS is allowed without ever actually specifying destination IP addresses.

I suppose an all-encompassing built-in netdestination would do the same thing, too, though. Good suggestion!
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
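
The gap that comes up in this thread, where a management ACL keyed to a hand-maintained "MGMT-IPs" netdestination stops matching once a new VLAN IP is added, can be caught by auditing the configuration. The following is an added example, not part of any post and not Aruba code; the sample configuration is constructed, its stanza syntax is an assumed ArubaOS-style layout, and only `host` entries of the alias are considered.

```python
import re

# Constructed sample config; the stanza syntax is an assumed ArubaOS-style layout.
SAMPLE_CONFIG = """\
netdestination MGMT-IPs
  host 10.1.1.1
  host 10.1.10.1
!
interface loopback
  ip address 10.1.1.1
!
interface vlan 10
  ip address 10.1.10.1 255.255.255.0
!
interface vlan 20
  ip address 10.1.20.1 255.255.255.0
!
"""

def parse_blocks(config):
    """Map each top-level stanza header to its indented child lines."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            current = None                 # blank line or "!" closes the stanza
        elif not line[0].isspace():
            current = line.strip()         # unindented line opens a new stanza
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def uncovered_controller_ips(config, alias="MGMT-IPs"):
    """Return {interface: ip} for controller IPs missing from the alias."""
    blocks = parse_blocks(config)
    # Only "host" entries are read; "network" entries are out of scope here.
    covered = {m.group(1) for l in blocks.get(f"netdestination {alias}", [])
               if (m := re.fullmatch(r"host (\S+)", l))}
    missing = {}
    for header, body in blocks.items():
        if not header.startswith("interface "):
            continue
        for l in body:
            m = re.match(r"ip address (\d+\.\d+\.\d+\.\d+)", l)
            if m and m.group(1) not in covered:
                missing[header[len("interface "):]] = m.group(1)
    return missing

if __name__ == "__main__":
    for iface, ip in uncovered_controller_ips(SAMPLE_CONFIG).items():
        print(f"{iface}: {ip} is not in MGMT-IPs; the management ACL does not match it")
```
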