Controllerless Networks

 View Only
  • 1.  Complete List of IP-Addresses or DNS-Names of Aruba Central Instances

    Posted Dec 21, 2017 04:42 AM

    Dear all,

    I have some 70+ IAPs deployed at serveral sites, all with a firewall between the IAP management network and the Internet. Therefore I need to configure appropriate firewall rules to let traffic from the IAPs / VC through to Aruba Central.

     

    After investigating the traffic, I found that my IAPs connect to the following IPs:

    • 52.208.175.191 ec2-52-208-175-191.eu-west-1.compute.amazonaws.com
    • 52.211.173.59 ec2-52-211-173-59.eu-west-1.compute.amazonaws.com
    • 35.161.26.163 ec2-35-161-26-163.us-west-2.compute.amazonaws.com
    • 52.210.133.162 ec2-52-210-133-162.eu-west-1.compute.amazonaws.com
    • 54.154.194.92 ec2-54-154-194-92.eu-west-1.compute.amazonaws.com
    • 35.166.103.179 ec2-35-166-103-179.us-west-2.compute.amazonaws.com
    • 52.40.248.70 ec2-52-40-248-70.us-west-2.compute.amazonaws.com
    • 52.27.193.179 ec2-52-27-193-179.us-west-2.compute.amazonaws.com

    As this are all AWS-Systems, I assume that the IPs can change at any time. Are the public documented DNS-Names for those systems available, so I can configure firewall rules based on those names? Letting all IAPs connect to all IPs in the Internet for access to Aruba Central causes me some headache.

     

    Having a complete list of which IPs/DNS-Names an IAP manged by Aruba Central needs to be able to contact would help here very much. From different sources I have assembled the following list:

    • Activate Service: device.arubanetworks.com
    • AppCentral: app1.central.arubanetworks.com, app2.central.arubanetworks.com
    • FirmwareUpdates: images.arubanetworks.com, d2vxf1j0rhr3p0.cloudfront.net
    • CloudGuest: euw1.cloudguest.central.arubanetworks.com, 54.194.135.148

    Thanks, Gerhard



  • 2.  RE: Complete List of IP-Addresses or DNS-Names of Aruba Central Instances

    Posted Aug 22, 2018 09:37 AM

    And there is more for Europe: 

     

    https://portal-eu.central.arubanetworks.com

    https://app2-eu.central.arubanetworks.com/

    https://central-eu.cloudguest.arubanetworks.com

     

     

     

    As I am assuming you are doing this to establish fw openings outbound to central you will also need to access sso sites for 2 factor as well as google, but the last two to manage. You need TCP/443 to these sites and to device.arubanetworks.com / activate.arubanetworks.com

    NTP  UDP/123 to pool.ntp.org 

     



  • 3.  RE: Complete List of IP-Addresses or DNS-Names of Aruba Central Instances

    Posted Aug 26, 2024 06:18 AM

    Does anyone have an updated list? I am blocking all of the provided addresses and the IAPs are still connecting to Central. Thanks in advance.




  • 4.  RE: Complete List of IP-Addresses or DNS-Names of Aruba Central Instances

    Posted Aug 26, 2024 10:28 AM

    https://www.arubanetworks.com/techdocs/central/latest/content/nms/device-mgmt/communication_ports.htm



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Complete List of IP-Addresses or DNS-Names of Aruba Central Instances

    Posted Aug 27, 2024 04:41 AM

    Unsure why you want to prevent the APs to communicate to Central, as apparently there is a valid subscription attached to it.

    You can also disable all cloud communication from the AP configuration in the CLI: "activate-disable"



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------