How to limit SSH access to the controller?

Aruba Employee

Aruba controller running 6.4 and above.



We can use the in-build "firewall cp "function to achieve the same.


A. To permit SSH only from a particular subnet (

(config) #firewall cp

(config-fw-cp) #ipv4 permit proto ssh

(config-fw-cp) #ipv4 deny any proto ssh


B. To permit SSH only from specific host(

(config) #firewall cp

(config-fw-cp) #ipv4 permit host proto ssh

(config-fw-cp) #ipv4 deny any proto ssh


C. To block ALL access through SSH:

(config) #firewall cp

(config-fw-cp) #ipv4 deny any proto ssh

Please note that this configuration is not pushed from master to locals. It is controller specific configuration.





(local-6) (config-fw-cp) #show firewall-cp

CP firewall policies
IP Version  Source IP  Source Mask    Protocol  Start Port  End Port  Action          hits  contract
----------  ---------  -----------    --------  ----------  --------  --------------  ----  --------
ipv4  6         22          22        Permit          0
ipv4        any                       6         22          22        Deny            0




Version history
Revision #:
2 of 2
Last update:
‎03-24-2017 04:00 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: