Controllerless Networks

 View Only
last person joined: 19 hours ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

Need help on configuration for access restriction to ssh and https on aruba WLC

Jump to Best Answer
This thread has been viewed 23 times
  • 1.  Need help on configuration for access restriction to ssh and https on aruba WLC

    Posted Dec 17, 2021 05:25 AM
    Hi everyone i am new to this aruba WLC environment.

    So can anyone please help me out on configuration.

    There is the requirement of only the limited persons from network management team can access the WLC using HTTPS or SSH only and other users shouldn't be able to access the controller.






    ------------------------------
    sanjib behera
    ------------------------------


  • 2.  RE: Need help on configuration for access restriction to ssh and https on aruba WLC

    MVP GURU
    Posted Dec 17, 2021 07:08 AM
    What version are you running?

    ------------------------------
    Dustin Burns
    Lead Mobility Engineer @WEI

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: Need help on configuration for access restriction to ssh and https on aruba WLC
    Best Answer

    EMPLOYEE
    Posted Dec 17, 2021 11:22 AM
    Check page 19 of the ArubaOS Hardening Guide. The firewall-cp is probably what you are looking for, if these people are in a specific IP subnet.

    Otherwise, if the admins are in the same IP subnet (and don't have static IP) you can configure the role for these managers to allow access, and block in all other roles.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 4.  RE: Need help on configuration for access restriction to ssh and https on aruba WLC

    Posted Dec 20, 2021 06:10 AM
    Hi Herman,

    In my case the WLC management ip, users and admins are in the same IP subnet and all (users and admins) are getting IP address through DHCP.

    Will this configuration works for me ?


    ------------------------------
    sanjib behera
    ------------------------------



  • 5.  RE: Need help on configuration for access restriction to ssh and https on aruba WLC

    Posted Dec 21, 2021 08:11 AM
    One way to do it is using TACACS to control who access the Controllers using roles and ACtive directory groups.

    Example: You have the admins group in AD and then you use that group in the tacacs server to give access to the controller to the group's members only.
    The config in the controller is pretty simple but you have to spinup and configure the tacacs server.

    Hope this helps.

    ------------------------------
    Ulises Cazares
    ------------------------------



  • 6.  RE: Need help on configuration for access restriction to ssh and https on aruba WLC

    Posted Dec 22, 2021 03:57 AM
    Hi Herman,

    Thanks for the help on this configuration issue now it is working .

    I followed that document and configured my WLC accordingly and it is working good all unauthorized users are restricted to access my WLC.

    Syntax:-
    firewall cp
    ipv4 permit host 172.x.x.x proto 6 ports 443 443
    ipv4 deny any proto 6 ports 443 443

    ipv4 permit host 172.x.x.x proto 6 ports 4343 4343
    ipv4 deny any proto 6 ports 4343 4343

    ipv4 permit host 172.x.x.x proto 6 ports 22 22
    ipv4 deny any proto 6 ports 22 22




    ------------------------------
    sanjib behera
    ------------------------------