Network Management


SSH to ALL VLANs

  • 1.  SSH to ALL VLANs

    Posted 15 days ago
    Dear friends, 

    I can normally access switches by their IP in the management VLAN; however, I suddenly noticed that I can SSH into any VLAN's active gateway, for example (VLAN 32) 192.168.32.1 and 192.168.32.2 or (VLAN 24) 192.168.24.1 or 192.168.24.2. Would there be any security risks if some students logged in to a PC that connects to the production network and used SSH to access these switches, although we have ClearPass & TACACS authentication?

    Is it necessary to put an access list in place to block SSH access from all VLANs except the server VLAN or something? Or is it OK to leave it like this?

    Thanks
    ML


    ------------------------------
    Becoming a Networking Engineer
    ------------------------------


  • 2.  RE: SSH to ALL VLANs

    EMPLOYEE
    Posted 14 days ago
    It all depends on your network policy, and this extends even beyond your wireless. Your network, if large enough, should have a router separating users from the management network and should be able to block that traffic from the border. If your network is a single flat network, this will be more challenging, of course.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 3.  RE: SSH to ALL VLANs

    Posted 4 days ago
    Actually, I just remembered that I can use a VTY ACL to allow only a specified network scope. Does Aruba CX have a similar thing?

    Thanks
    ML

    ------------------------------
    Becoming a Networking Engineer
    ------------------------------
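
A check to run from a PC in a user VLAN before and after an SSH restriction is applied, as an added example that is not part of the thread: it tries TCP port 22 on each gateway address and reports which ones answer with an SSH banner. The address list repeats the examples quoted in post 1; the port, timeouts and function names are assumptions.

```python
import socket
import sys

# Gateway addresses quoted in the thread; replace with your own SVI list.
GATEWAYS = ["192.168.32.1", "192.168.32.2", "192.168.24.1", "192.168.24.2"]

def parse_banner(data):
    """Return the SSH identification string in data, or None if not SSH."""
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return line if line.startswith("SSH-") else None

def ssh_banner(host, port=22, timeout=2.0):
    """Connect to host:port and return its SSH banner, or None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return parse_banner(s.recv(255))
    except OSError:
        # Refused, filtered or timed out: SSH is not reachable from here.
        return None

def audit(targets, probe=ssh_banner):
    """Map each address to the banner it returned (None = not reachable)."""
    return {ip: probe(ip) for ip in targets}

def exposed(results):
    """Addresses that answered with an SSH banner, sorted for stable output."""
    return sorted(ip for ip, banner in results.items() if banner)

if __name__ == "__main__":
    results = audit(GATEWAYS, probe=lambda ip: ssh_banner(ip, timeout=1.0))
    for ip, banner in results.items():
        print(f"{ip:15}  {banner or 'no SSH answer'}")
    # Non-zero exit when run from a VLAN that should have no SSH access.
    sys.exit(1 if exposed(results) else 0)
```

Run from a student or user VLAN, an empty result means the restriction holds; run from the management or server VLAN, every gateway should still answer.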