Original Message:
Sent: Feb 27, 2024 03:15 PM
From: Nate S
Subject: Aruba CX 6200M 'management-vlan' command alternative?
For anyone that comes across this thread looking for an ArubaOS to CX OS solution, I wound up answering my own question after doing some research into classes and policies.
For example: I want to restrict ssh traffic going to VLAN 10 (10.0.10.0/24) from VLAN 20 (10.0.20.0/24) but not from VLAN 30 (10.0.30.0/24).
I can do this by making a class and applying it through a policy on VLAN 20:
    class ip restrict-ssh
        10 match tcp any 10.0.10.0/255.255.255.0 eq ssh
    !
    policy stop-ssh
        10 class ip restrict-ssh action drop
    !
    vlan 20
        apply policy stop-ssh in
Doing this will allow regular traffic to still pass through the VLANs, including things like ICMP, but will specifically stop ssh traffic that tries to go from VLAN 20 to VLAN 10's subnet. The policy can be applied system-wide as well when adding 'vlan <vlan ID>' to the end of the class sequence: 10 match tcp any 10.0.10.0/255.255.255.0 eq ssh vlan 20.
This can then be applied in config mode instead of VLAN config mode, though it can only be applied to inbound traffic, not outbound.
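Added example, not part of the original post and not Aruba code: a small Python model of the class/policy above, useful as a checklist of what the rule does and does not cover before testing on the switch. It assumes, as the post describes, that unmatched traffic is forwarded; the packet list is constructed sample data and the helper names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORTS = {"ssh": 22}                      # named port used in the post
CLASS_ENTRY = "10 match tcp any 10.0.10.0/255.255.255.0 eq ssh"
APPLIED_VLAN = 20                        # 'apply policy ... in' under vlan 20

@dataclass(frozen=True)
class Packet:
    ingress_vlan: int
    dst: str
    proto: str                           # "tcp", "udp" or "icmp"
    dport: Optional[int] = None

def parse_entry(line):
    """Parse only the form used in the post:
    <seq> match <proto> any <dst>/<mask> eq <port>"""
    seq, verb, proto, src, dst, op, port = line.split()
    if verb != "match" or src != "any" or op != "eq":
        raise ValueError("unsupported class entry: " + line)
    dport = PORTS[port] if port in PORTS else int(port)
    return {"proto": proto, "dst": ipaddress.ip_network(dst), "dport": dport}

def verdict(pkt, entry, applied_vlan=APPLIED_VLAN):
    """'drop' if the packet hits the class on the VLAN where the policy
    is applied inbound, otherwise 'forward' (assumed default)."""
    if pkt.ingress_vlan != applied_vlan:
        return "forward"                 # other VLANs are not covered
    hit = (pkt.proto == entry["proto"]
           and ipaddress.ip_address(pkt.dst) in entry["dst"]
           and pkt.dport == entry["dport"])
    return "drop" if hit else "forward"

# Constructed sample packets (not captured traffic)
SAMPLES = [
    Packet(20, "10.0.10.1", "tcp", 22),   # VLAN 20 -> VLAN 10 SSH
    Packet(20, "10.0.10.1", "icmp"),      # ping still passes
    Packet(20, "10.0.10.1", "tcp", 443),  # other TCP ports still pass
    Packet(30, "10.0.10.1", "tcp", 22),   # VLAN 30 is not restricted
    Packet(20, "10.0.30.1", "tcp", 22),   # SSH to other subnets passes
]

def run():
    entry = parse_entry(CLASS_ENTRY)
    return [verdict(p, entry) for p in SAMPLES]

if __name__ == "__main__":
    for pkt, result in zip(SAMPLES, run()):
        print(pkt, "->", result)
```

The fourth row is the one to keep in mind when comparing against 'management-vlan': the policy blocks SSH from the listed VLAN only, so every VLAN that should not reach VLAN 10 over SSH needs the policy applied as well.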
Original Message:
Sent: Jan 16, 2024 09:23 AM
From: Nate S
Subject: Aruba CX 6200M 'management-vlan' command alternative?
Hello,
Recently we've started to undergo a move from some 2920 ArubaOS Switches in our network to the newer CX 6200M line, currently on FW 10.13.0010, and re-learning the CLI has been somewhat of a challenge. This was made easier after I was able to find the "CLI Reference Guide for ArubaOS-CX, ArubaOS-Switch, and Cisco IOS" from 2019, though I wasn't able to find a guide newer than this or with more information.
With that in mind, I wasn't able to find much information online about the 'management-vlan <VLAN ID>' command, which we've used extensively on our ArubaOS switches for locking down SSH access to a single VLAN's IP. Is there an alternative command on the CX series that I may have missed?