Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Management Interface ACL

  • 1.  Management Interface ACL

    Posted May 22, 2013 05:54 AM

    Hi,

    I would like to have a management interface ACL feature, as before. Does anybody have that idea? Is there a possibility that it will be implemented in the near future?

    Like HP:

       ip authorized-managers 10.0.0.1 access manager

    or lots of other vendors.

    Thanks in advance.



  • 2.  RE: Management Interface ACL

    Posted May 22, 2013 06:08 AM
    You could apply an ip access-group to the interface going to your uplink switch, allowing only the IP segment you want to allow to access the controller.


  • 3.  RE: Management Interface ACL

    Posted May 22, 2013 06:28 AM

    Yes. This method is also recommended elsewhere, but it has some difficulties. It is more reasonable to add just a one-line solution. Even *nix has this feature, hosts.allow/deny. Why does Aruba not have it?

    Best regards.

    Husnu Demir.



  • 4.  RE: Management Interface ACL

    Posted May 29, 2013 04:29 AM
    Can you please provide a sample configuration for this?


  • 5.  RE: Management Interface ACL

    Posted May 29, 2013 07:17 AM

    Here is the tip from Aruba.

    http://community.arubanetworks.com/t5/Community-Knowledge-Base/How-to-Allow-or-Block-Management-of-the-Aruba-Controller-only/ta-p/27494

    Nevertheless, Aruba engineers did not respond to this request for a long time.

    hdemir.



  • 6.  RE: Management Interface ACL

    Posted May 29, 2013 08:36 AM
    Thanks


  • 7.  RE: Management Interface ACL

    Posted May 29, 2013 09:05 AM

    We are currently using such an ACL.

    However, it creates difficulties and problems.

    Any time a new interface is added to the controller, it should be added to the ACL as well.

    Furthermore, adding the ACL to the uplink port is not enough. It should be added to all active interfaces and roles, such as wireless or VPN roles.

    Last but not least, there is the requirement for a firewall licence. Such an ACL is only possible if the controller has a firewall licence. It is not a good idea to need a firewall licence just to protect the device itself, in situations where a firewall for the users is not required.


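    A worked configuration for the approach discussed in reply 2 (ACL on the uplink port) and reply 7 (the same ACL is also needed on every other interface and user role that can reach the controller). This is an illustration added to the thread; it is not from the original posts or from the linked Aruba knowledge-base article. It permits SSH and HTTPS to the controller only from a management subnet and drops management protocols from everywhere else, while leaving all other traffic untouched. The management subnet 10.0.0.0/24, the ACL and role names, the interface numbering and the exact service names are assumptions; check them against the ArubaOS release in use. As the thread notes, session ACLs like this require the firewall (PEF) licence.

```text
! Session ACL restricting management of the controller itself.
! Rules are evaluated first-match. "alias controller" is the built-in alias for
! the controller's own addresses; the subnet and names below are example values.
ip access-list session mgmt-acl
  network 10.0.0.0 255.255.255.0 alias controller svc-ssh    permit
  network 10.0.0.0 255.255.255.0 alias controller svc-https  permit
  any alias controller svc-ssh    deny
  any alias controller svc-https  deny
  any alias controller svc-telnet deny
  any alias controller svc-http   deny
  any any any permit
!
! Reply 2: apply it to the uplink port (interface number is an assumption).
interface gigabitethernet 1/0
  ip access-group mgmt-acl session
!
! Reply 7: the port ACL does not cover wireless or VPN users, so every role that
! can reach the controller needs it too, listed before the permissive ACL.
user-role employee
  session-acl mgmt-acl
  session-acl allowall
!
user-role vpn-user
  session-acl mgmt-acl
  session-acl allowall
!
```

    The "any any any permit" at the end keeps the ACL limited to protecting the controller; user traffic is not filtered beyond that. The maintenance burden reply 7 describes follows directly from this layout: a new interface, VLAN or role that can reach the controller is unprotected until mgmt-acl is attached to it, so it is worth a periodic check (for example with show rights and show interface output) that nothing reachable has been left out.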

  • 8.  RE: Management Interface ACL

    Posted May 29, 2013 10:05 AM

    Yes, I forgot to mention the firewall licence. If you need to protect the controller, which is a MUST, you should buy the firewall licence even if you do not need any firewall for users.

    hdemir.