Controllerless Networks

Reply
Highlighted
Contributor II

Console Access Permissions for the IAP

Hello!

 

I have an IAP-215 configured as a standalone AP.

 

I know that the console access can be completely disabled so that CLI access is disabled.

 

However, is there any way to disable this selectively?  For example, I don't want a wireless client device to be able to use a tool like putty to access the CLI or even allow a wireless to be able to access the WebUI.  The goal here is to only allow CLI/console/WebUI access via either the physcial console or ethernet port.

 

Is there any way to do this?  Would user roles or access rules or similar settings for the WLAN configuration be able to handle this?

 

Regards,

zummarius


Accepted Solutions
Highlighted
Guru Elite

Re: Console Access Permissions for the IAP

In the SSID configuration, there is a tab called access control.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide

View solution in original post


All Replies
Highlighted
MVP Guru

Re: Console Access Permissions for the IAP

You can take the approach with access rules for the wireless users (roles) you want to prevent access to ssh (port 22/tcp) and the WebUI (port 4343/tcp)

 

Another option is the Management access configuration (Security -> Inbound Firewall) to set the IP subnets from which you want to allow management (and management traffic from other source IPs is then denied).

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Highlighted
Contributor II

Re: Console Access Permissions for the IAP

Sorry about the late, late, late response here.  This completely fell off my radar for a bit.

 

So, if I wanted to deny wireless users access to the SSH port I would run the following?

 

<config>

<wlan access-rule denySSH>

<rule any any match tcp 22 22 deny>

<end>

<commit apply>

 

How would I go about actually assigning the access rule to the WLAN?

Highlighted
Guru Elite

Re: Console Access Permissions for the IAP

In the SSID configuration, there is a tab called access control.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide

View solution in original post

Highlighted
Contributor II

Re: Console Access Permissions for the IAP

cjoseph, yes, I found the WebUI location for this, but I'd like to do most of my configuraiton via a script so I don't have to deal with physcially opening the UI and clicking a bunch of options.

 

Looking for a CLI solution to set these access rules.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: