01-28-2019 03:07 PM
Hello,
I'm using 12.8.2.2-NGVASEP18.
I'd like to learn about management access to my AP and how to limit it.
https://thehivecommunity.aerohive.com/s/article/How-to-Connect-to-an-AP-using-SSH describes how to connect to an AP via SSH.
But there's also an HTTP/HTTPS web user interface.
I don't want to expose those to anyone but the management systems.
"Device SSH Availability" in the docs (http://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-device-ssh-availability.htm) tells me that I have to enable SSH before I can use it... well, on my device it is not enabled, nor did I enable the WUI. Still I can log in via both.
My questions are:
Probably I can create a firewall policy, but I believe that management access should be handled by an ACL at first.... how can this be done?
Thank you!
Best regards,
Armin
01-28-2019 04:00 PM
The setting for SSH availability in the Global Settings of the HiveManager is intended to enable proxying SSH connections through HiveManager to a target AP. Once this option is enabled in the HiveManager, going into the device configuration of any Aerohive device will show "SSH" under "Additional Device Settings".
The physical Aerohive devices have SSH enabled by default. Regarding restricting SSH access, ideally, Aerohive devices would be placed in their own management VLAN. Client traffic would be segmented off in their own VLAN, with firewall rules preventing clients from accessing devices in the Aerohive management