Wired Intelligent Edge


Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution

Restrict access to switch - ArubaCX

  • 1.  Restrict access to switch - ArubaCX

    Posted Aug 18, 2020 05:28 AM

    Hi

    I recently purchased two Aruba 8320 switches, which run ArubaCX-OS.

    I want to allow specific addresses to access SNMP and SSH,

    like the commands in ArubaOS on a 2930F, for example:

    ip authorized-managers 192.168.1.10 access-method ssh

    ip authorized-managers 192.168.2.10 access operator

    ip authorized-managers 192.168.2.11 access manager

    I use only one VRF (the default).

    How can I do it?

    I checked this topic:

    https://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/ip-authorized-managers-on-the-CX/td-p/557195

    and it does not help me, because the control-plane config blocks all traffic.



  • 2.  RE: Restrict access to switch - ArubaCX

    EMPLOYEE
    Posted Aug 18, 2020 07:02 AM

    This way might help:

    access-list ip authorized-ACL
    10 permit tcp 192.168.1.10 any eq 22
    20 permit tcp 192.168.2.10 any eq 22
    21 permit tcp 192.168.2.10 any eq 443
    22 permit tcp 192.168.2.10 any eq 80
    23 permit udp 192.168.2.10 any eq 161
    30 permit tcp 192.168.2.11 any eq 22
    31 permit tcp 192.168.2.11 any eq 443
    32 permit tcp 192.168.2.11 any eq 80
    33 permit udp 192.168.2.11 any eq 161
    90 deny tcp any any eq 22
    91 deny tcp any any eq 443
    92 deny tcp any any eq 80
    93 deny udp any any eq 161
    100 permit any any any

    then

    apply access-list ip authorized-ACL control-plane vrf default


  • 3.  RE: Restrict access to switch - ArubaCX

    Posted Aug 19, 2020 12:14 AM

    Hi,

    If I have a user who wants to access other HTTP/HTTPS servers, will it not block access to other sites?



  • 4.  RE: Restrict access to switch - ArubaCX

    EMPLOYEE
    Posted Aug 19, 2020 04:44 AM

    No. This ACL is applied on the control-plane and not on the data-plane, so it does not impact user traffic.



  • 5.  RE: Restrict access to switch - ArubaCX

    Posted Aug 23, 2020 12:36 AM

    Hi,

    I configured these commands as a test:

    access-list ip authorized-ACL
    10 permit tcp 192.168.1.10 any eq 22
    200 deny tcp any any eq 22
    300 permit any any any

    apply access-list ip authorized-ACL control-plane vrf default

    After that, stations do not get an IP address from DHCP, for example.

    I do not know what other problems were created.

    It does not work. Is there another solution, similar to Cisco's "line vty"?
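The control-plane ACLs in replies 2 and 5, evaluated with the first-match, implicit-deny semantics the thread relies on, as an added example that is not part of the original thread (Python with constructed sample packets; the switch address 192.168.1.1 and the function names are assumptions). It models the ACL text only, not the 8320 hardware, so it cannot explain the DHCP failure reported in reply 5; it shows what the entries as written do, why the trailing `permit any any any` is what keeps DHCP, ARP and routing-protocol traffic alive on the CPU, and that an `access-list ip` never sees IPv6, so IPv6 management access needs its own ACL.

```python
"""First-match simulation of an AOS-CX style control-plane ACL.

Added example, not code from the thread; the packets below are constructed."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp", "icmp", ...
    src: str                   # source address
    dst: str                   # destination (the switch's own address)
    dport: Optional[int] = None


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                # "permit" or "deny"
    proto: str                 # protocol name or "any"
    src: str                   # "any", a host address, or a prefix
    dst: str
    dport: Optional[int]       # destination port from "eq <port>", if given


# The ACL from reply 2 (IPv4 only: it is an "access-list ip").
THREAD_ACL = """
access-list ip authorized-ACL
10 permit tcp 192.168.1.10 any eq 22
20 permit tcp 192.168.2.10 any eq 22
21 permit tcp 192.168.2.10 any eq 443
22 permit tcp 192.168.2.10 any eq 80
23 permit udp 192.168.2.10 any eq 161
30 permit tcp 192.168.2.11 any eq 22
31 permit tcp 192.168.2.11 any eq 443
32 permit tcp 192.168.2.11 any eq 80
33 permit udp 192.168.2.11 any eq 161
90 deny tcp any any eq 22
91 deny tcp any any eq 443
92 deny tcp any any eq 80
93 deny udp any any eq 161
100 permit any any any
"""

# The minimal ACL from reply 5.
POST5_ACL = """
access-list ip authorized-ACL
10 permit tcp 192.168.1.10 any eq 22
200 deny tcp any any eq 22
300 permit any any any
"""

# Reply 2's ACL with the trailing catch-all removed: everything not listed
# then falls through to the implicit deny, which is what would silence DHCP,
# ARP, routing protocols and anything else the switch CPU must receive.
ACL_WITHOUT_CATCHALL = "\n".join(
    line for line in THREAD_ACL.splitlines() if not line.startswith("100 "))


def parse_acl(text: str) -> list[Entry]:
    """Parse ACL entry lines; the 'access-list ip <name>' header is skipped."""
    entries = []
    for raw in text.splitlines():
        tok = raw.split()
        if len(tok) < 5 or not tok[0].isdigit():
            continue
        dport = int(tok[6]) if len(tok) >= 7 and tok[5] == "eq" else None
        entries.append(Entry(int(tok[0]), tok[1], tok[2], tok[3], tok[4], dport))
    return sorted(entries, key=lambda e: e.seq)


def _addr_match(pattern: str, addr: str) -> bool:
    if pattern == "any":
        return True
    # A bare address is a host match; a prefix (A.B.C.D/M) is also accepted.
    return ip_address(addr) in ip_network(pattern, strict=False)


def evaluate(acl_text: str, pkt: Packet) -> tuple[str, Optional[int]]:
    """Return (action, sequence number of the matching entry).

    An IPv4 ACL never inspects IPv6 packets, so those come back "unfiltered";
    a packet matching no entry hits the implicit deny and gets seq None."""
    if ip_address(pkt.src).version == 6:
        return "unfiltered", None
    for e in parse_acl(acl_text):
        if e.proto != "any" and e.proto != pkt.proto:
            continue
        if not (_addr_match(e.src, pkt.src) and _addr_match(e.dst, pkt.dst)):
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.action, e.seq
    return "deny", None


def permitted(acl_text: str, pkt: Packet) -> bool:
    return evaluate(acl_text, pkt)[0] != "deny"


if __name__ == "__main__":
    switch = "192.168.1.1"                    # assumed management address
    probes = {
        "ssh from authorized host": Packet("tcp", "192.168.1.10", switch, 22),
        "https from ssh-only host": Packet("tcp", "192.168.1.10", switch, 443),
        "ssh from unlisted host": Packet("tcp", "192.168.5.5", switch, 22),
        "snmp from manager host": Packet("udp", "192.168.2.11", switch, 161),
        "dhcp discover from client": Packet("udp", "0.0.0.0", "255.255.255.255", 67),
        "ssh over ipv6": Packet("tcp", "2001:db8::10", "2001:db8::1", 22),
    }
    for label, pkt in probes.items():
        print(f"{label:28} reply-2 ACL: {evaluate(THREAD_ACL, pkt)}  "
              f"no catch-all: {evaluate(ACL_WITHOUT_CATCHALL, pkt)}")
```

Running it prints, per probe, the verdict under reply 2's ACL beside the verdict when entry 100 is missing: the DHCP discover is permitted by entry 100 in the first case and dropped by the implicit deny in the second, while the IPv6 SSH attempt is never evaluated by an IPv4 ACL at all.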

     



  • 6.  RE: Restrict access to switch - ArubaCX

    EMPLOYEE
    Posted Aug 24, 2020 04:37 AM

    This is strange. It should work. I would recommend opening a TAC case.