12-20-2010 04:14 PM
Two quick questions. If I have a controller serving clients on a 10.10.4.x address, but want it to be able to be managed from a 192.168.3.x address, should I have to do anything more than add the 192.168.3.x address to the 1/1 port?
Also, is there an easy way to disallow wireless clients from reaching the controller WebUI?
12-20-2010 04:36 PM
The best way to disallow clients from reaching the controller GUI is to create an alias that has ip hosts for all of the controller interface ip addresses. Create a firewall policy that says user alias controller service svc-ssh deny, and user alias controller TCP 4343 deny. Apply that policy to the user role you want blocked.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
12-30-2010 01:48 PM
Wouldn't it be nice if the controller just *knew* what addresses were configured on it and one could use an alias that dynamically maps to all the controller's local addresses? "mswitch" gets close by dynamically matching the controller-ip.
I've asked for this for 3 years. :(
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University