Cloud Managed Networks


Forum to discuss all things Aruba Central and UXI Network Management, this includes Aruba Central managed networks, Central configuration, best practices, Central APIs, Cloud Guest, AIOps, Presence Analytics and Other Central Applications

Disable Web Interface on Switches from Central

  • 1.  Disable Web Interface on Switches from Central

    Posted Nov 18, 2022 12:07 AM
    Hi all,

    I was hoping someone can answer a question for me:

    How do you disable the (HTTP) WebUI and Telnet on AOS-S switches from Aruba Central?  It's very simple on Central-Managed Access Points; you do it from Config>System:

    [Image: Shows how to disable Telnet and HTTP connectivity.]
    But on a switch that option doesn't exist and I can't find anything comparable.  I'd like to reduce our attack surface by disabling these unused cleartext protocols.  Is it possible, and if so, how?

    Oh, the switches are being managed using the web config mode not template mode, so it needs to be a GUI option not a command-line option.

    Many thanks.


  • 2.  RE: Disable Web Interface on Switches from Central

    EMPLOYEE
    Posted Nov 24, 2022 04:35 AM
    I think that cannot be done through the GUI. Please reach out to Aruba TAC to report the issue. If it is a large number of switches, they might find a way to get the commands inserted through the API.

    If it is a handful of switches, you could connect to the switch, enter central-support-mode, issue the commands to disable telnet and http-web, then disable support mode again:
    sw00(config)# aruba-central support-mode enable
    sw00(config)# no telnet-server
    sw00(config)# no web-management plaintext
    sw00(config)# aruba-central support-mode disable

    The config should stay there even after Central takes management control again.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
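Added example, not part of the thread and not Aruba tooling: a small audit that checks saved `show running-config` output (or a pasted CLI transcript) from each switch for the two hardening lines given in the reply above. It assumes the disabled state appears verbatim as `no telnet-server` and `no web-management plaintext`, and that a config with neither line still has the service enabled; the switch names and sample configs are constructed.

```python
import re

# Hardening lines taken from the thread; assumed to appear verbatim in
# `show running-config` once the cleartext services are disabled.
REQUIRED = {
    "telnet": "no telnet-server",
    "http": "no web-management plaintext",
}

_PROMPT = re.compile(r"^\S+\(config\)#\s*")  # e.g. "sw00(config)# "
# Zero-width characters that web pages often append to copied commands.
_INVISIBLE = dict.fromkeys(map(ord, "\u200b\u200c\u200d\ufeff"))


def normalize(line: str) -> str:
    """Drop invisible characters, a CLI prompt, and redundant whitespace."""
    line = _PROMPT.sub("", line.translate(_INVISIBLE).strip())
    return " ".join(line.split()).lower()


def audit(config_text: str) -> dict:
    """Return {service: True} when the cleartext service is disabled."""
    state = {name: False for name in REQUIRED}  # assumption: enabled unless disabled
    for raw in config_text.splitlines():
        line = normalize(raw)
        for name, disable_cmd in REQUIRED.items():
            if line == disable_cmd:
                state[name] = True
            elif line == disable_cmd[3:]:  # positive form re-enables; last line wins
                state[name] = False
    return state


def report(configs: dict) -> dict:
    """Map switch name -> sorted list of cleartext services still enabled."""
    findings = {}
    for switch, text in configs.items():
        still_on = sorted(s for s, off in audit(text).items() if not off)
        if still_on:
            findings[switch] = still_on
    return findings


# Constructed samples (not captured from real switches).
HARDENED = "sw00(config)# no telnet-server\nsw00(config)# no web-management plaintext\u200b\n"
UNTOUCHED = 'hostname "sw01"\nweb-management ssl\nip ssh\n'
PARTIAL = "no telnet-server\nno web-management plaintext\nweb-management plaintext\n"

if __name__ == "__main__":
    print(report({"sw00": HARDENED, "sw01": UNTOUCHED, "sw02": PARTIAL}))
```

Re-running it against fresh config exports after Central resumes management shows whether the settings persisted on every switch, not only the one tested by hand.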



  • 3.  RE: Disable Web Interface on Switches from Central

    Posted Nov 24, 2022 06:06 PM
    Hi Herman,

    Thanks for that information.  I think we have a low enough number of switches to just issue the commands. I assumed it would be overwritten by Central but I tried one switch and the changes have stuck.

    That said - I think disabling plaintext protocols is a basic enough security measure that it really should be in the UI.

    L8r.