Frequent Contributor I

How to deny management access to 620 controller without firewall license?

Hello!

How to deny management access to 620 controller without firewall license?

I want to allow management access only from a few IP addresses.

Thank you!

Guru Elite

Re: How to deny management access to 620 controller without firewall license?

Use an extended ACL on the uplink. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: How to deny management access to 620 controller without firewall license?


opali@muk.ua wrote:

Hello!

How to deny management access to 620 controller without firewall license?

I want to allow management access only from a few IP addresses.

Thank you!


opali@mul.ua,

 

You can use the firewall whitelist under Configuration > Advanced Services > Stateful Firewall > ACL whitelist.  The ACL whitelist is a list of management traffic that is allowed to hit the controller.  The controller is managed using HTTPS on TCP 4343, so if I wanted to block web management traffic from the 192.168.1.0 network, I would click on ADD and do this:

[Screenshots: acl-deny.png, acl2.png]

 

Protocol Number 6 is TCP and of course port 4343 is the web management traffic.  If you click on Done then Apply, it will block web traffic.  YOU SHOULD BE VERY CAREFUL WITH THIS, OR MAKE SURE YOU ARE NEAR THE CONTROLLER WITH A CONSOLE CABLE JUST IN CASE YOU MAKE A MISTAKE THAT WILL LOCK YOU OUT OF THE MANAGEMENT WEB PAGE.

 

I locked myself out of the management web page using this example, so I had to SSH into the controller and remove the ACL that I created like this:

 

config t
firewall cp no ipv4 deny 192.168.1.0 255.255.255.0 proto "6" ports 4343 4343

 

 

 



Colin Joseph
Aruba Customer Engineering
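
A pre-change lockout check for the situation described above, as an added example that is not part of the original posts or Aruba's own tooling: it reads planned rules in the form shown in the post and reports which admin addresses would be denied on TCP 4343. Assumptions: the "permit" action, first-match rule ordering, and the function names and sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress
import re

# Rule form taken from the post: ipv4 deny <net> <mask> proto "6" ports 4343 4343
# The "permit" action is an assumption made for this example.
RULE_RE = re.compile(
    r'^ipv4\s+(deny|permit)\s+(\S+)\s+(\S+)\s+proto\s+"?(\d+)"?'
    r'\s+ports\s+(\d+)\s+(\d+)$'
)


def parse_rule(line):
    """Split one rule line into (action, network, proto, port_lo, port_hi)."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule: {line!r}")
    action, net, mask, proto, lo, hi = m.groups()
    network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
    return action, network, int(proto), int(lo), int(hi)


def first_match(rules, src_ip, proto=6, port=4343):
    """Return (action, rule) for the first rule matching the flow, else None.

    First-match evaluation is an assumption of this example.
    """
    src = ipaddress.ip_address(src_ip)
    for line in rules:
        action, network, r_proto, lo, hi = parse_rule(line)
        if src in network and r_proto == proto and lo <= port <= hi:
            return action, line
    return None


def locked_out(rules, admin_ips, proto=6, port=4343):
    """List the admin addresses whose first matching rule is a deny."""
    blocked = []
    for ip in admin_ips:
        hit = first_match(rules, ip, proto, port)
        if hit and hit[0] == "deny":
            blocked.append(ip)
    return blocked


# Constructed sample: one admin host permitted ahead of the deny from the post.
PLANNED = [
    'ipv4 permit 192.168.1.10 255.255.255.255 proto "6" ports 4343 4343',
    'ipv4 deny 192.168.1.0 255.255.255.0 proto "6" ports 4343 4343',
]
ADMINS = ["192.168.1.10", "192.168.1.50", "10.0.0.5"]

if __name__ == "__main__":
    for ip in locked_out(PLANNED, ADMINS):
        print(f"{ip} would lose access to TCP 4343")
```

Checking port 22 against the same rules returns no match, which is consistent with the post's recovery over SSH after the web page was blocked.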
