ArubaOS and Controllers

KadeCole · ‎11-03-2009

In another thread I came across the following statement:

I was wondering if anyone knows how to turn OFF management for all IPs except one? In most network environments you only want to manage your network equipment from one IP or allow management from a range of IPs to that specific network device. Most other network vendors have the concept of an Access Control List for Management. Is this something that Aruba has thought about? Thanks.

ahenson · ‎11-03-2009

Our (admittedly cumbersome) solution was to define every IP of every controller in a netdestination called "MGMT-IPs", then create an ACL restricting access to it, and applying that ACL to every user-role and every physical interface on the controller.

I'd very much like to see a "management" interface we can set an ACL on, like Cisco's vty's.

KadeCole · ‎11-03-2009

I have come across the same solution but I agree that this is a must add feature and second your request.

turner · ‎11-04-2009

I was just reviewing my security logs and came across ssh brute force attempts on a new vlan IP.

We had defined an ACL for mswitch but that points to the loopback and nothing else.

I third the request for an alias to all controller IPs or the ability to restrict management to a single IP.

Ryan · ‎11-17-2009

We (OSU) submitted an RFE for service ACLs, which would be similar to your Linux "hosts.allow" files. Essentially, it'd be nice to simply say to what networks SSH/HTTPS is allowed without ever actually specifying destination IP addresses.

I suppose an all-encompassing built-in netdestination would do the same thing, too, though. Good suggestion!

==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University

Be in the know.

Join, Learn, Share.

How can we help?

Essential Reading.

ArubaOS and Controllers

Controller Management Security

Controller Management Security

Re: Controller Management Security

Re: Controller Management Security

Re: Controller Management Security

Re: Controller Management Security

Re: Controller Management Security

Re: Controller Management Security

Rfe 1007

Rfe 1007

Wildcard certificates for controller?

L2 bridging from ENET1 on RAP to ethernet port on master controller

Novell eDirectory

Unable to hide ssid

Clients are not communicating each other

COTD: Boot options for controllers

COTD: Recover a forgotten key

CBT available: Adaptive Radio Management (ARM)

COTD: SNMP events

Aruba Sponsors Presentation by Retail Industry Data Security Leaders at National Reta

WPA-PSK and VLAN assignment via MAC address

Cisco ACS and Aruba Radius Auth

Rolling out 802.1x with GTC

Making DHCP mandatory on Aruba WLAN

Wireless Group Policy on Windows 2008

AirWave Downloads

Aruba Instant 6.4.2.6-4.1.1.11 Released 11/27/2015

Aruba Instant 6.4.2.6-4.1.1.10 Released 9/28/15

Re: ArubaOS Downloads

Remote AP Networks

Indoor 802.11n Site Survey and Planning

Base Designs Lab Setup for Validated Reference Design

Optimizing Aruba WLANs for Roaming Devices

Campus Redundancy Model

ArubaOS and Controllers

Controller Management Security

Controller Management Security

Re: Controller Management Security

Re: Controller Management Security

Re: Controller Management Security

Re: Controller Management Security

Re: Controller Management Security

Re: Controller Management Security

Rfe 1007

Rfe 1007

Follow Us