Limiting Management Access to AP

wies_hays
New Contributor III

Hello,

I'm using 12.8.2.2-NGVASEP18.

I'd like to learn about management access to my AP and how to limit it.

https://thehivecommunity.aerohive.com/s/article/How-to-Connect-to-an-AP-using-SSH describes how to connect to an AP via SSH.

But there's also an HTTP/HTTPS web user interface.

I don't want to expose those to anyone but the management systems.

"Device SSH Availability" in the docs (http://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-device-ssh-availability.htm) tells me that I have to enable SSH before I can use it... well, on my device it is not enabled, nor did I enable the WUI. Still I can log in via both.

My questions are:

  • What is the idea behind the "Device SSH Availability" setting?
  • How can I limit management (SSH / WUI / whatever there might be) by an ACL?

Probably I can create a firewall policy, but I believe that management access should be handled by an ACL at first.... how can this be done?

Thank you!

Best regards,

Armin

5 REPLIES

michael_bernard
New Contributor

The setting for SSH availability in the Global Settings of the HiveManager is intended to enable proxying SSH connections through HiveManager to a target AP. Once this option is enabled in the HiveManager, going into the device configuration of any Aerohive device will show "SSH" under "Additional Device Settings".

The physical Aerohive devices have SSH enabled by default. Regarding restricting SSH access, ideally, Aerohive devices would be placed in their own management VLAN. Client traffic would be segmented off in their own VLAN, with firewall rules preventing clients from accessing devices in the Aerohive management
