Hi, this is my template for hardening Aruba CX switch:
banner motd !
*******************************************************************************
* RESTRICTED ACCES *
*******************************************************************************
!
password complexity
    enable
    history-count 5
    minimum-length 10
    position-changes 5
    lowercase-count 2
    uppercase-count 2
    special-char-count 2
    numeric-count 2
!
user admin group administrators password plaintext Y0urH@rdP@$$!
no ip icmp redirect
no cdp enable
cli-session
    timeout 15
! Disable aruba central if not used :
aruba-central
    disable
!
! SSH HARDENING - disable weak algo :
ssh server vrf default
no ssh server vrf mgmt
ssh ciphers chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com
ssh host-key-algorithms ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 rsa-sha2-256 rsa-sha2-512
ssh key-exchange-algorithms curve25519-sha256 curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256
ssh macs hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com
!
! RESTRICT ACCESS TO SWITCH :
access-list ip acl-ControlPlane
    comment *** NETEDIT ***
    permit tcp 10.X.X.X any eq 22
    permit tcp 10.X.X.X any eq 443
    permit udp 10.X.X.X any eq 161
    comment *** SSH ADMIN ***
    permit tcp 10.X.X.X/255.255.255.0 any eq 22
    comment *** HTTPS admin ***
    permit tcp 10.X.X.X any eq 443
    comment *** SNMP ***
    permit udp 10.X.X.X/255.255.255.0 any eq 161
    comment *** LOGGING ***
    permit udp any 10.X.X.X eq 514
    comment *** NTP ***
    permit udp any 10.X.X.X eq 123
    comment *** DENY ***
    deny tcp any any eq 22
    deny tcp any any eq 443
    deny tcp any any eq 80
    deny udp any any eq 123
    deny udp any any eq 514
    deny udp any any eq 161
    comment *** PERMIT OTHER ***
    permit any any any log count
apply access-list ip acl-ControlPlane control-plane vrf default
!
ip source-interface all interface vlan1
!
https-server rest access-mode read-only
https-server vrf default
no https-server vrf mgmt
------------------------------
Laurent from Brest / France
Network Engineer
------------------------------
Original Message:
Sent: Nov 29, 2021 11:04 AM
From: MITF IT
Subject: Aruba 6300 SSH access restriction
Hi
I have Aruba 6300m Switch and I want to configure SSH restriction for specific IP only, I have searched in the configuration guide but I couldn't find anything for this.
Is there any way to restrict SSH access?
Thanks
------------------------------
Qais Sherfeed
------------------------------
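Added example (not part of either post and not Aruba tooling): a small offline model of the acl-ControlPlane entries from the template, evaluated first-match-wins, to check before applying that SSH, HTTPS and SNMP are only reachable from the intended sources. The concrete addresses are constructed stand-ins for the 10.X.X.X placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed addresses replacing the 10.X.X.X placeholders of the template.
ACL = """
permit tcp 10.0.0.5 any eq 22
permit tcp 10.0.0.5 any eq 443
permit udp 10.0.0.5 any eq 161
permit tcp 10.0.10.0/255.255.255.0 any eq 22
permit tcp 10.0.10.20 any eq 443
permit udp 10.0.20.0/255.255.255.0 any eq 161
permit udp any 10.0.30.1 eq 514
permit udp any 10.0.30.2 eq 123
deny tcp any any eq 22
deny tcp any any eq 443
deny tcp any any eq 80
deny udp any any eq 123
deny udp any any eq 514
deny udp any any eq 161
permit any any any log count
"""

def net(spec):
    # 'any', a single host, or address/netmask -> ip_network object
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec, strict=False)

def parse(text):
    rules = []
    for line in text.split("\n"):
        f = line.split()
        if f and f[0] in ("permit", "deny"):      # skips blanks and 'comment' lines
            port = int(f[5]) if len(f) > 5 and f[4] == "eq" else None
            rules.append((f[0], f[1], net(f[2]), net(f[3]), port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first entry that matches (order matters)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("any", proto) and s in r_src and d in r_dst
                and r_port in (None, dport)):
            return action
    return "deny"  # nothing matched; modelled as deny (assumption of this sketch)

RULES = parse(ACL)
SWITCH = "10.0.1.1"  # constructed switch management address
```

Because the list ends with a permit for everything else, any management port that is not explicitly denied above it stays reachable from all sources, which is worth checking with the same function when adding services.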