How do I restrict access to the controller management interface?

Aruba Employee
Aruba Employee

Question:  How do I restrict access to the controller management interface?


Product and Software: This article applies to all Aruba controllers and ArubaOS 3.1 and later.


Aruba provides multiple methods to manage the controller:

  • Web management interface using https connection on TCP port 4343.
  • Command line interface using SSH connection on TCP port 22.
  • Command line interface using Telnet connection on TCP port 23. This method is disabled by default.


To restrict the access to the management interface, you need to create an access control list to deny access on the ports listed above.


The following example illustrates the steps to deny user access from "student-net" to the controller web base interface.


Step 1: Create the service definition for TCP port 4343. SSH and Telnet services are defined in the configuration by default.



netservice c-svc-mgmt-https tcp 4343


Step 2: Create the source subnets.



netdestination student-net


Step 3: Create the list of controller IP addresses.



netdestination controller-ips


Step 4: Create the session-based IP access list.



ip access-list session mgmt-access-control
alias student-net alias controller-ips c-svc-mgmt-https deny log


Step 5: Assign the session-based IP access list to the top of user role.



user-role m-role
session-acl mgmt-access-control
session-acl allowall


Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 01:23 PM
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: