Wired

last person joined: 5 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

ip authorized-managers on the CX

Jump to Best Answer
  • 1.  ip authorized-managers on the CX

    Posted Oct 24, 2019 12:26 PM

    is there an equivalent command to the Switch ip authorized-managers to secure the mgmt interface on the OS-CX,

     

    We are using the Loopback for mgmt as well and routing, so would need IP connectivity, but not SSH, HTTPS etc etc.

     

     

     



  • 2.  RE: ip authorized-managers on the CX
    Best Answer

    Posted Oct 24, 2019 12:59 PM

    Yes, this is ACL applied to the control-plane:

    Create your ACL using permit/deny (be specific so you can have a permit any any any at the end) and apply the ACL to the control-plane in the proper VRF.

    Example:

    apply access-list ip ACL-name control-plane vrf mgmt



  • 3.  RE: ip authorized-managers on the CX

    Posted Aug 02, 2020 11:08 AM

    Hi,

     

    I have the same problem

    I want to allow specific addresses to access SNMP (ro+rw) & SSH

    like the commands in aruba-os - 2930f for example:

    ip authorized-managers 192.168.1.10 access-method ssh

    ip authorized-managers 192.168.2.10 access-method access operator

    ip authorized-managers 192.168.2.11 access-method access manager

    I use only one VRF (the default)

     

    How can i do it?

     

     



  • 4.  RE: ip authorized-managers on the CX

    Posted Oct 26, 2020 05:06 PM


  • 5.  RE: ip authorized-managers on the CX

    Posted Oct 29, 2020 06:04 PM
    Here is the ACL I'm using for this:

    access-list ip AUTHORIZED-MANAGERS
    10 comment JUMP STATION
    10 permit any 192.168.1.10 any
    20 comment IT MANAGER
    20 permit any 192.168.1.11 any
    30 comment NETWORK ADMIN
    30 permit any 192.168.1.12 any
    40 comment AIRWAVE SERVER
    40 permit any 192.168.1.13 any

    Apply it to the control plane with these commands:

    apply access-list ip AUTHORIZED-MANAGERS control-plane vrf default
    apply access-list ip AUTHORIZED-MANAGERS control-plane vrf mgmt

    ------------------------------
    Timothy Leadbetter
    ------------------------------