10-11-2019 12:02 AM
Hi all,
I'm configuring a new Aruba controller, model 7024, with Aruba OS 6.5.4.13.
I was configuring the management access so that only one interface can access the controller management via web or SSH. The webUI access is through port 4343 and SSH access through port 22, so I made an ACL, configured it on the interface, and it works fine.
I want to configure the same setting on other controllers, such as a 7205 with the same version of Aruba OS.
On this controller I can access the webUI through port 4343 or 443; if I hit 443 it doesn't redirect to port 4343, like the new 7024 controller does. Is that normal? Could I deny traffic to the controller through port 443 without affecting clients connected to the WLANs?
Is there any option to configure the port access to webUI?
Thanks in advance.
10-11-2019 12:59 AM
By default access to the web interface via 443 is disabled. This option would have to have been enabled for this to work.
You can check using the following:
```
(Aruba7030) #show web-server profile

Web Server Configuration
------------------------
Parameter                                  Value
---------                                  -----
--------------- TRUNCATED ---------------
Enable WebUI access on HTTPS port (443)    false
--------------- TRUNCATED ---------------
```
ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Re: Controller Management Access
10-11-2019 01:37 AM
Thanks a lot.
Now I've configured web-server with the command:
no web-https-port-443
And now the URL https://hostnameController redirects automatically to port 4343.
I'm going to continue with the ACL configuration for controller access in order to deny 4343 and 22 connections to interfaces except on the admin VLAN.
Re: Controller Management Access
10-11-2019 04:58 AM
The classic way of determining what is allowed to contact the controller on what ports is the "firewall-cp" command. https://www.arubanetworks.com/techdocs/ArubaOS_85_Web_Help/Content/arubaos-solutions/1cli-commands/firewall-cp.htm?Highlight=firewall%20cp
Type "show firewall-cp internal" to see what is allowed to contact the controller on what ports. You can then carefully decide what source subnets are allowed to contact the controller on ports 4343 and 22 and configure it. Please understand that the maximum number of rules is 64.
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Re: Controller Management Access
10-13-2019 10:24 AM
Thanks, I'll check that way to control the access to the controller.
The way I had in mind was a session-type firewall policy linked to the port interface (this port is in trunk mode and allows all VLANs), which blocks any access on ports 4343 and 22 to the controller's IP on the users' VLANs and permits these connections to the controller's IP on the admin VLAN.
In the network core I have an ACL which permits or denies access to the admin VLAN.
I've tested it with a new 7024 controller and it worked, but I'm going to check what you said, thanks.
Re: Controller Management Access
10-13-2019 04:35 PM
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Re: Controller Management Access
10-24-2019 10:59 PM
Finally it works, but I had to roll back the configuration.
The people who create guest Wi-Fi tickets aren't able to access the website to do this. They don't have access to the admin VLAN.
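Added example (not part of the thread and not Aruba code): a pre-change check that models the planned management ACL as a first-match rule list and tests it against the flows that must keep working, which is the kind of check that would have flagged the guest-ticket operators described in the last post. The subnets, the first-match/default-permit evaluation and the operator exception are assumptions for illustration, not ArubaOS behaviour.

```python
import ipaddress

MAX_RULES = 64  # rule limit quoted in the thread for firewall-cp

# Constructed rule set, first match wins: (action, source subnet, TCP port)
RULES = [
    ("permit", "10.0.10.0/24", 4343),  # assumed admin VLAN -> WebUI
    ("permit", "10.0.10.0/24", 22),    # assumed admin VLAN -> SSH
    ("deny", "0.0.0.0/0", 4343),
    ("deny", "0.0.0.0/0", 22),
]

# Constructed flows to verify before deployment: (label, source IP, port, expected)
REQUIRED = [
    ("admin WebUI", "10.0.10.5", 4343, "permit"),
    ("admin SSH", "10.0.10.5", 22, "permit"),
    ("user VLAN SSH", "10.0.20.7", 22, "deny"),
    ("guest-ticket operator WebUI", "10.0.30.9", 4343, "permit"),
]

def evaluate(rules, src, port, default="permit"):
    """Return the action of the first rule matching src/port, else default."""
    addr = ipaddress.ip_address(src)
    for action, subnet, rule_port in rules:
        if rule_port == port and addr in ipaddress.ip_network(subnet):
            return action
    return default

def audit(rules, required):
    """Return a list of problems; an empty list means every flow behaves as expected."""
    problems = []
    if len(rules) > MAX_RULES:
        problems.append(f"{len(rules)} rules exceeds limit of {MAX_RULES}")
    for label, src, port, expected in required:
        got = evaluate(rules, src, port)
        if got != expected:
            problems.append(f"{label}: {src} -> tcp/{port} is {got}, expected {expected}")
    return problems

def with_operator_exception(rules, operator_subnet):
    """Hypothetical adjustment: permit WebUI from the operator subnet ahead of the denies."""
    return [("permit", operator_subnet, 4343)] + rules

if __name__ == "__main__":
    for problem in audit(RULES, REQUIRED):
        print("FAIL", problem)
    fixed = with_operator_exception(RULES, "10.0.30.0/24")
    print("after exception:", audit(fixed, REQUIRED) or "all flows OK")
```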