How to limit SSH access to the controller?

Aruba Employee
Requirement:

Aruba controller running 6.4 and above.

 



Solution:

We can use the built-in "firewall cp" function to restrict SSH access to the controller.



Configuration:

A. To permit SSH only from a particular subnet (10.10.1.0):

(config) #firewall cp

(config-fw-cp) #ipv4 permit 10.10.1.0 255.255.255.0 proto ssh

(config-fw-cp) #ipv4 deny any proto ssh

 

B. To permit SSH only from a specific host (10.10.1.99):

(config) #firewall cp

(config-fw-cp) #ipv4 permit host 10.10.1.99 proto ssh

(config-fw-cp) #ipv4 deny any proto ssh

 

C. To block ALL access through SSH:

(config) #firewall cp

(config-fw-cp) #ipv4 deny any proto ssh

Please note that this configuration is not pushed from the master to the locals. It is a controller-specific configuration, so it must be applied on each controller.

 

 



Verification

 

(local-6) (config-fw-cp) #show firewall-cp

CP firewall policies
--------------------
IP Version  Source IP  Source Mask    Protocol  Start Port  End Port  Action          hits  contract
----------  ---------  -----------    --------  ----------  --------  --------------  ----  --------
ipv4        10.10.1.0  255.255.255.0  6         22          22        Permit          0
ipv4        any                       6         22          22        Deny            0
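
Added example (not part of the original article and not Aruba tooling): because this configuration is not pushed from master to locals, the `show firewall-cp` output saved from each controller can be checked with the Python below. It assumes rows are laid out as in the output above and that rules are evaluated top-down with the first match winning, as the permit-then-deny ordering in the configuration implies; `SAMPLE`, `parse_rules` and `audit_ssh` are hypothetical names.

```python
import ipaddress

# Constructed sample, mirroring the layout of the 'show firewall-cp' output above.
SAMPLE = """\
CP firewall policies
--------------------
IP Version  Source IP  Source Mask    Protocol  Start Port  End Port  Action          hits  contract
----------  ---------  -----------    --------  ----------  --------  --------------  ----  --------
ipv4        10.10.1.0  255.255.255.0  6         22          22        Permit          0
ipv4        any                       6         22          22        Deny            0
"""

def parse_rules(text):
    """Return (source, start_port, end_port, action) for each IPv4 TCP row."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "ipv4":
            continue                      # banner, header and separator lines
        if tok[1] == "any":
            tok.insert(2, "")             # 'any' rows print no source mask
        if len(tok) < 7 or tok[3] != "6":
            continue                      # only TCP (protocol 6) rows matter for SSH
        src = None if tok[1] == "any" else ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
        rules.append((src, int(tok[4]), int(tok[5]), tok[6].lower()))
    return rules

def audit_ssh(text, allowed):
    """Return findings; an empty list means SSH is limited to `allowed`.
    Assumption: rules are evaluated top-down and the first match wins."""
    allowed = [ipaddress.ip_network(a) for a in allowed]
    findings, denied_all = [], False
    for src, start, end, action in parse_rules(text):
        if not start <= 22 <= end:
            continue                      # rule does not cover the SSH port
        label = "any" if src is None else str(src)
        if action == "deny" and src is None:
            denied_all = True
        elif action == "permit" and denied_all:
            findings.append(f"permit {label} is shadowed by an earlier deny any")
        elif action == "permit" and (src is None or not any(src.subnet_of(a) for a in allowed)):
            findings.append(f"SSH permitted from unexpected source {label}")
    if not denied_all:
        findings.append("no 'deny any' rule for SSH")
    return findings

if __name__ == "__main__":
    print(audit_ssh(SAMPLE, ["10.10.1.0/24"]) or "SSH restricted as intended")
```

The shadowed-permit finding catches the lockout case where `deny any` was entered before the permit rule.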

 

 

 

Version history
Revision #:
2 of 2
Last update:
‎03-24-2017 04:00 PM