04-04-2014 11:05 AM
We have noticed that our Aruba's external port that connects it to the WWW is seeing SSH traffic from China and the Korea. Since we never remote into the device. We would like to shut that down.
If that is not possible we could like to see about limiting the attempts to connect to it befoe it refuses to respond to attempt to hack in to it. So if someone tried 3 times then the account would be locked for 30 minutes before the account could be used to try and get in again.
I would appreciate any help or suggestions on how to achieve this
Solved! Go to Solution.
04-04-2014 11:38 AM
You would probably want to put a port ACL on it: The ACL below only allows the uplink of the controller (fastethernet 1/0) to get DHCP from the provider. Outbound traffic is allowed, but no inbound traffic besides DHCP is allowed.
ip access-list session dhcp-only any any svc-dhcp permit any any any deny
interface fastethernet 1/0 ip access-group dhcp-only session
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
04-04-2014 11:45 AM
But I need to have normal AP traffic cross the WWW port, but just want to block inbound SSH traffic
Arizona Tile LLC
8829 S Priest Drive, Tempe, Arizona 85284
04-04-2014 11:47 AM