05-22-2013 02:54 AM - edited 05-22-2013 02:54 AM
I like to have a management interface ACL feature as before. Can anybody have that idea? Is there a possibility to be implemented in near future?
ip authorized-managers 10.0.0.1 access manager
or lots of any other vendors.
Thanks in advance.
05-22-2013 03:07 AM
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
05-22-2013 03:27 AM
Yes. This method also recommended elsewhere but it has some difficulties. It is more reasonable to add just one line solution. Even *nix has this feature, hosts.allow/deny. Why aruba does not have?
05-29-2013 04:16 AM
Here is the tip of Aruba.
Neverthless, aruba engineers did not respond this req for a long time.
05-29-2013 06:05 AM - edited 05-29-2013 06:19 AM
We are currently using such an ACL.
However it creates difficulties and problems.
Any time a new interface is added to the controller, it should be added to the ACL also.
Furthermore adding the ACL to the uplink port is not enough. It should be added to all active interfaces and roles such as wireless or vpn roles.
Last but not the least important problem is; the requirement for firewall licence. Such ACL is only possible if he controler has firewall licence. It is not a good idea to need firewall licence just to protect the device itself, in situations where firewall for the users is not required.
05-29-2013 07:04 AM
Yes, I forget to tell the firewall licence. If you need to protect the controller, which is a MUST, you sould buy the firewall licence even if you did not need any firewall for users.