Question: How do I restrict access to the controller management interface?
Product and Software: This article applies to all Aruba controllers and ArubaOS 3.1 and later.
Aruba provides multiple methods to manage the controller:
To restrict access to the management interface, create an access control list that denies access on the ports listed above.
The following example illustrates the steps to deny user access from "student-net" to the controller's web-based interface.
Step 1: Create the service definition for TCP port 4343. SSH and Telnet services are defined in the configuration by default.
netservice c-svc-mgmt-https tcp 4343
Step 2: Create the source subnets.
netdestination student-net
  network 10.168.120.0 255.255.248.0
  network 10.168.109.64 255.255.255.192
Step 3: Create the list of controller IP addresses.
netdestination controller-ips
  host 22.214.171.124
  host 10.168.109.70
Step 4: Create the session-based IP access list.
ip access-list session mgmt-access-control
  alias student-net alias controller-ips c-svc-mgmt-https deny log
Step 5: Assign the session-based IP access list at the top of the user role, ahead of allowall, so that the deny rule is evaluated first.
user-role m-role
  session-acl mgmt-access-control
  session-acl allowall
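The result of the five steps can be checked offline with a small first-match evaluator. This is an added example, not Aruba's code: the parser handles only the statement forms used in this article, `allowall` is modeled as permit-everything, and `parse` and `verdict` are hypothetical names.

```python
import ipaddress

# Constructed sample: the article's five steps, one sub-command per line.
CONFIG = """\
netservice c-svc-mgmt-https tcp 4343
netdestination student-net
  network 10.168.120.0 255.255.248.0
  network 10.168.109.64 255.255.255.192
netdestination controller-ips
  host 22.214.171.124
  host 10.168.109.70
ip access-list session mgmt-access-control
  alias student-net alias controller-ips c-svc-mgmt-https deny log
user-role m-role
  session-acl mgmt-access-control
  session-acl allowall
"""

def parse(text):
    # Simplified model: handles only the statement forms used in the article.
    svc, dst, role, cur = {}, {}, {}, []
    acl = {"allowall": [("any", "any", "any", "permit")]}  # assumed: allowall permits everything
    for line in filter(str.strip, text.splitlines()):
        w = line.split()
        if w[0] == "netservice":
            svc[w[1]] = (w[2], int(w[3]))
        elif w[0] == "netdestination":
            cur = dst.setdefault(w[1], [])
        elif w[:3] == ["ip", "access-list", "session"]:
            cur = acl.setdefault(w[3], [])
        elif w[0] == "user-role":
            cur = role.setdefault(w[1], [])
        elif w[0] in ("network", "host"):  # "network ADDR MASK" or "host ADDR"
            cur.append(ipaddress.ip_network("/".join(w[1:3])))
        elif w[0] == "alias":  # alias SRC alias DST SERVICE ACTION [log]
            cur.append((w[1], w[3], w[4], w[5]))
        elif w[0] == "session-acl":
            cur.append(w[1])
    return svc, dst, acl, role

def verdict(cfg, role_name, src, dst_ip, proto, port):
    # First matching rule wins, walking the role's ACLs in configured order.
    svc, dst, acl, role = cfg
    def hit(ip, name):
        return name == "any" or any(ipaddress.ip_address(ip) in n for n in dst[name])
    for s, d, sv, action in (r for a in role[role_name] for r in acl[a]):
        if hit(src, s) and hit(dst_ip, d) and (sv == "any" or svc[sv] == (proto, port)):
            return action
    return "deny"  # assumed: no match means the session is dropped
```

Evaluating other ports with `verdict` shows that this ACL covers only TCP 4343; SSH and Telnet from student-net still fall through to `allowall` unless matching deny rules are added.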