
How to limit SSH access to the controller? 

Mar 24, 2017 07:00 PM

Requirement:

Aruba controller running 6.4 and above.

 



Solution:

We can use the built-in "firewall cp" function to achieve this.



Configuration:

A. To permit SSH only from a particular subnet (10.10.1.0)

(config) #firewall cp

(config-fw-cp) #ipv4 permit 10.10.1.0 255.255.255.0 proto ssh

(config-fw-cp) #ipv4 deny any proto ssh

 

B. To permit SSH only from a specific host (10.10.1.99):

(config) #firewall cp

(config-fw-cp) #ipv4 permit host 10.10.1.99 proto ssh

(config-fw-cp) #ipv4 deny any proto ssh

 

C. To block ALL access through SSH:

(config) #firewall cp

(config-fw-cp) #ipv4 deny any proto ssh

Please note that this configuration is not pushed from the master to the local controllers. It is a controller-specific configuration.

 

 



Verification

 

(local-6) (config-fw-cp) #show firewall-cp

CP firewall policies
--------------------
IP Version  Source IP  Source Mask    Protocol  Start Port  End Port  Action          hits  contract
----------  ---------  -----------    --------  ----------  --------  --------------  ----  --------
ipv4        10.10.1.0  255.255.255.0  6         22          22        Permit          0
ipv4        any                       6         22          22        Deny            0
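
Because these rules are not pushed from master to locals, each controller's `show firewall-cp` output has to be checked on its own. The following Python is an added example, not part of the original article or of any Aruba tooling: it parses the table format shown above and reports SSH rules that fall outside an expected source list. The function names `parse_rules` and `audit_ssh` are hypothetical, and top-to-bottom, first-match rule evaluation is an assumption.

```python
import ipaddress

# Constructed sample: the `show firewall-cp` output from the Verification section.
SAMPLE = """\
CP firewall policies
--------------------
IP Version  Source IP  Source Mask    Protocol  Start Port  End Port  Action          hits  contract
----------  ---------  -----------    --------  ----------  --------  --------------  ----  --------
ipv4        10.10.1.0  255.255.255.0  6         22          22        Permit          0
ipv4        any                       6         22          22        Deny            0
"""

def parse_rules(text):
    """Return (source_network_or_None, action) for IPv4 rules covering TCP/22, in table order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "ipv4":
            continue  # title, header and separator lines
        # The Source Mask column is blank when the source is "any".
        if tok[1] == "any":
            src, rest = None, tok[2:]
        else:
            src = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            rest = tok[3:]
        if len(rest) < 4:
            continue
        proto, start, end, action = rest[0], int(rest[1]), int(rest[2]), rest[3].lower()
        if proto == "6" and start <= 22 <= end:  # protocol 6 = TCP, port 22 = SSH
            rules.append((src, action))
    return rules

def audit_ssh(text, allowed):
    """Return a list of findings; an empty list means SSH is limited to `allowed`."""
    allowed = [ipaddress.ip_network(a) for a in allowed]
    findings, closed = [], False
    for src, action in parse_rules(text):
        if action == "deny" and src is None:
            closed = True
            break  # assumption: first match wins, so later rules are unreachable
        if action == "permit":
            if src is None:
                findings.append("SSH permitted from any source")
            elif not any(src.subnet_of(a) for a in allowed):
                findings.append(f"SSH permitted from unexpected source {src}")
    if not closed:
        findings.append("no 'deny any' rule for SSH")
    return findings
```

Calling `audit_ssh(output, ["10.10.1.0/24"])` on the output captured from each controller returns an empty list only when every SSH permit sits inside the expected subnet and a deny-any rule closes the list.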

 

 

 
