Unsure why you want to prevent the APs to communicate to Central, as apparently there is a valid subscription attached to it.
You can also disable all cloud communication from the AP configuration in the CLI: "activate-disable"
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Aug 24, 2024 08:42 AM
From: topher
Subject: Complete List of IP-Addresses or DNS-Names of Aruba Central Instances
Does anyone have an updated list? I am blocking all of the provided addresses and the IAPs are still connecting to Central. Thanks in advance.
Original Message:
Sent: Dec 21, 2017 04:42 AM
From: ggessler
Subject: Complete List of IP-Addresses or DNS-Names of Aruba Central Instances
Dear all,
I have some 70+ IAPs deployed at serveral sites, all with a firewall between the IAP management network and the Internet. Therefore I need to configure appropriate firewall rules to let traffic from the IAPs / VC through to Aruba Central.
After investigating the traffic, I found that my IAPs connect to the following IPs:
- 52.208.175.191 ec2-52-208-175-191.eu-west-1.compute.amazonaws.com
- 52.211.173.59 ec2-52-211-173-59.eu-west-1.compute.amazonaws.com
- 35.161.26.163 ec2-35-161-26-163.us-west-2.compute.amazonaws.com
- 52.210.133.162 ec2-52-210-133-162.eu-west-1.compute.amazonaws.com
- 54.154.194.92 ec2-54-154-194-92.eu-west-1.compute.amazonaws.com
- 35.166.103.179 ec2-35-166-103-179.us-west-2.compute.amazonaws.com
- 52.40.248.70 ec2-52-40-248-70.us-west-2.compute.amazonaws.com
- 52.27.193.179 ec2-52-27-193-179.us-west-2.compute.amazonaws.com
As this are all AWS-Systems, I assume that the IPs can change at any time. Are the public documented DNS-Names for those systems available, so I can configure firewall rules based on those names? Letting all IAPs connect to all IPs in the Internet for access to Aruba Central causes me some headache.
Having a complete list of which IPs/DNS-Names an IAP manged by Aruba Central needs to be able to contact would help here very much. From different sources I have assembled the following list:
- Activate Service: device.arubanetworks.com
- AppCentral: app1.central.arubanetworks.com, app2.central.arubanetworks.com
- FirmwareUpdates: images.arubanetworks.com, d2vxf1j0rhr3p0.cloudfront.net
- CloudGuest: euw1.cloudguest.central.arubanetworks.com, 54.194.135.148
Thanks, Gerhard