
Limiting Management Access to AP


wies_hays
New Contributor III

Hello,

 

I'm using 12.8.2.2-NGVASEP18.

 

I'd like to learn about management access to my AP and how to limit it.

 

https://thehivecommunity.aerohive.com/s/article/How-to-Connect-to-an-AP-using-SSH describes how to connect to an AP via SSH.

 

But there's also an HTTP/HTTPS web user interface.

I don't want to expose those to anyone but the management systems.

 

"Device SSH Availability" in the docs (http://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-device-ssh-availability.htm) tells me that I have to enable SSH before I can use it... well, on my device it is not enabled, nor did I enable the WUI. Still I can log in via both.

 

My questions are:

  • What is the idea behind the "Device SSH Availability" setting?
  • How can I limit management (SSH / WUI / whatever there might be) by an ACL?

 

Probably I can create a firewall policy, but I believe that management access should be handled by an ACL at first... how can this be done?

 

Thank you!

 

Best regards,

Armin

5 REPLIES

Ash_Finch
Contributor III

Yes, you can turn off the Web access by going into the policy > additional settings > management options > tick “Disable WebUI without disabling CWP”

mlee
New Contributor

We’re looking to do something similar at the moment.
Our APs are accessible internally via HTTP/HTTPS, and we want to turn that off, so they’re only accessible via SSH or through Aerohive.
Is this even possible?

reinhardg
Contributor II

We have the same challenge: It's not possible to disable SSH access to the APs. Our env is: HiveManager 19.5.1.7-NGVA, AP550 with HiveOS 10.0r8. We unchecked "Enable SSH" in the corresponding Traffic Filter, we unchecked "Enable SSH" in the Optional Settings of the AP and we unchecked "Enable SSH" under SSH Availability in the Global Settings. The AP still accepts SSH connections. What else has to be done?

wies_hays
New Contributor III

Hi Michael,

 

Thank you for clarifying this.

 

Unfortunately we don't have a Management VLAN on which a gateway could filter out unwanted management access.

On all of our other devices we set up ACLs which limit management connection attempts.

 

So, on HiveOS devices this cannot be done?

Can you please confirm that the only way to limit management access is through the firewall on that HiveOS device?

 

Thank you!

 

Best regards,

Armin
