That is a topic where people can have different views. I think the ArubaOS-Switch hardening guide is a good starting point, and with cloud management, having out-of-band management is less logical. I would allow SSH traffic, or access to the serial console as a backup mechanism.
Your Aruba partner can probably assist you in creating the optimal design. The official Aruba product training covers the topic of in-band/out-of-band management as well and the practical answer is: 'it depends'.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: May 08, 2021 01:34 AM
From: Dennis Sevilla
Subject: Typical Aruba Central setup
We're finally moving to Aruba Central as our NMS. The thing is we're moving from a not-so-mature 'system' where switch access is pretty open from the old NMS. I was wondering if anyone can point me to a 'best practices' document that can guide me. My browsing has given me answers that are too generic. What I'm looking for is, first, security. How should access layer switches be monitored (by Central)? Do you limit switch access to a management VLAN (only accessible via Central)? What is your backup access plan (out of band)?
------------------------------
Dennis Sevilla
------------------------------