Controllers, service platforms and access points have mechanisms to allow or deny device access for separate interfaces and protocols (HTTP,HTTPS, Telnet, SSH or SNMP). Management access can be enabled or disabled as required for unique policies. The Management Access functionality is not meant to function as an ACL (in routers or other firewalls), where administrators specify and customize specific IP addresses to access specific interfaces.
Controllers and service platforms can be managed using multiple interfaces (SNMP, CLI and Web UI). By default, management access is unrestricted, allowing management access to any enabled IP interface from any host using any enabled management service.
To enhance security, administrators can apply various restrictions as needed to:
Restrict SNMP, CLI and Web UI access to specific hosts or subnets
Disable un-used and insecure interfaces as required within managed access profiles. Disabling un-used management services can dramatically reduce an attack footprint and free resources on managed devices
Provide authentication for management users
Apply access restrictions and permissions to management users
Management restrictions can be applied to meet specific policies or industry requirements requiring only certain devices or users be granted access to critical infrastructure devices. Management restrictions can also be applied to reduce the attack footprint of the device when guest services are deployed.
Note
Access points utilize a single Management Access policy, so ensure all the intended administrative roles, permissions, authentication and SNMP settings are correctly set. If an access point is functioning as a Virtual Controller AP, these are the access settings used by adopted access points of the same model as the Virtual Controller AP.