Controllerless Networks

Reply
Contributor II

Console Access Permissions for the IAP

Hello!

 

I have an IAP-215 configured as a standalone AP.

 

I know that the console access can be completely disabled so that CLI access is disabled.

 

However, is there any way to disable this selectively?  For example, I don't want a wireless client device to be able to use a tool like putty to access the CLI or even allow a wireless to be able to access the WebUI.  The goal here is to only allow CLI/console/WebUI access via either the physcial console or ethernet port.

 

Is there any way to do this?  Would user roles or access rules or similar settings for the WLAN configuration be able to handle this?

 

Regards,

zummarius

Re: Console Access Permissions for the IAP

You can take the approach with access rules for the wireless users (roles) you want to prevent access to ssh (port 22/tcp) and the WebUI (port 4343/tcp)

 

Another option is the Management access configuration (Security -> Inbound Firewall) to set the IP subnets from which you want to allow management (and management traffic from other source IPs is then denied).

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Contributor II

Re: Console Access Permissions for the IAP

Sorry about the late, late, late response here.  This completely fell off my radar for a bit.

 

So, if I wanted to deny wireless users access to the SSH port I would run the following?

 

<config>

<wlan access-rule denySSH>

<rule any any match tcp 22 22 deny>

<end>

<commit apply>

 

How would I go about actually assigning the access rule to the WLAN?

Guru Elite

Re: Console Access Permissions for the IAP

In the SSID configuration, there is a tab called access control.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II

Re: Console Access Permissions for the IAP

cjoseph, yes, I found the WebUI location for this, but I'd like to do most of my configuraiton via a script so I don't have to deal with physcially opening the UI and clicking a bunch of options.

 

Looking for a CLI solution to set these access rules.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: