Thanks. As far as I can tell, there are no related patches added in 8.10.0.12 or 8.10.0.13 where an upgrade may help fix your problem. This sounds like a bug if not a routing / firewall issue between subnets.
Original Message:
Sent: Jul 12, 2024 07:59 AM
From: matt pollard
Subject: Mobility Conductor / Master Webgui admin interface restriction
8.10.0.11
------------------------------
matt
Original Message:
Sent: Jul 10, 2024 01:19 PM
From: schmelzle
Subject: Mobility Conductor / Master Webgui admin interface restriction
What version is on the MCr?
Original Message:
Sent: Jul 10, 2024 01:11 PM
From: abertay
Subject: Mobility Conductor / Master Webgui admin interface restriction
Yes, SSH works fine and is stable. Can ping from both sides. Tried Chrome, Edge and Firefox. Just had a two hour TAC sessions and they can't work it out either and have taken a diagnostic log.
------------------------------
matt
Original Message:
Sent: Jul 10, 2024 11:53 AM
From: schmelzle
Subject: Mobility Conductor / Master Webgui admin interface restriction
Can you SSH to the MM from the other subnet?
What about accessing a different device on the same subnet as the MM from the other subnet?
Have you tried different browsers?
Original Message:
Sent: Jul 10, 2024 11:34 AM
From: abertay
Subject: Mobility Conductor / Master Webgui admin interface restriction
No direct. Subnet to subnet , No acl.
------------------------------
matt
Original Message:
Sent: Jul 10, 2024 11:24 AM
From: schmelzle
Subject: Mobility Conductor / Master Webgui admin interface restriction
Is your IP traffic passing through a firewall before reaching the MCr? Perhaps blocking 4343?
Original Message:
Sent: Jul 10, 2024 11:10 AM
From: abertay
Subject: Mobility Conductor / Master Webgui admin interface restriction
Its strange. I can ping it and i can get as far as it showing me its an untrusted cert (self-gen) and if i hit refresh a load of times quickly i get the logon box, but i can't logon.
------------------------------
matt
Original Message:
Sent: Jul 10, 2024 10:46 AM
From: Herman Robers
Subject: Mobility Conductor / Master Webgui admin interface restriction
If you can reach the WebUI from the same subnet but not from another subnet, it may be as simple as routing; either to the MM or back to your client.
It's not by design IMHO. I connect to multiple MM WebUIs from a different subnet and never had issues (except for firewalls blocking or routing not in place).
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jul 10, 2024 06:26 AM
From: abertay
Subject: Mobility Conductor / Master Webgui admin interface restriction
Hi,
I've recently found that i can only access the webgui of the Aruba MM from the same subnet as the server. Is this by design? I've been through the hardening guide and the config on the server and can't see any config that is locking it down and wondered if there is a way to open it to an IP outside of its subnet?
I thought there might be a Web lockdown acl or setting like on clearpass, but can't seem to find it. maybe i'm missing something.
thanks,
------------------------------
matt
------------------------------