Log in to ask questions, share your expertise, or stay connected to content. Don’t have a login? Join now.
Requirement:
Aruba controller running 6.4 and above.
We can use the in-build "firewall cp "function to achieve the same.
A. To permit SSH only from a particular subnet (10.10.1.0)
(config) #firewall cp (config-fw-cp) #ipv4 permit 10.10.1.0 255.255.255.0 proto ssh (config-fw-cp) #ipv4 deny any proto ssh
B. To permit SSH only from specific host(10.10.1.99):
(config) #firewall cp (config-fw-cp) #ipv4 permit host 10.10.1.99 proto ssh (config-fw-cp) #ipv4 deny any proto ssh
C. To block ALL access through SSH:
(config) #firewall cp (config-fw-cp) #ipv4 deny any proto ssh
Please note that this configuration is not pushed from master to locals. It is controller specific configuration.
(local-6) (config-fw-cp) #show firewall-cp CP firewall policies -------------------- IP Version Source IP Source Mask Protocol Start Port End Port Action hits contract ---------- --------- ----------- -------- ---------- -------- -------------- ---- -------- ipv4 10.10.1.0 255.255.255.0 6 22 22 Permit 0 ipv4 any 6 22 22 Deny 0
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.