Management Policy

Controllers and service platforms have mechanisms to allow or deny device access for separate interfaces and protocols such as HTTP, HTTPS, Telnet, SSH, or SNMP. Management access can be enabled or turned off as required for individual policies. The Management functionality is not meant to function as an ACL (as in routers or other firewalls), where administrators specify and customize the specific IP addresses allowed to access specific interfaces.

Controllers and service platforms can be managed using multiple interfaces (SNMP, CLI, and Web UI). By default, management access is unrestricted, allowing management access to any enabled IP interface from any host using any enabled management service.

To enhance security, administrators can apply various restrictions such as:
  • Restrict SNMP, CLI, and Web UI access to specific hosts or subnets
  • Clear unused and insecure interfaces as required within managed access profiles. Deactivating unused management services can reduce the attack footprint and free resources on managed devices
  • Provide authentication for management users
  • Apply access restrictions and permissions to management users

Management restrictions can be applied to meet specific policies or industry requirements requiring only certain devices or users to be granted access to critical infrastructure devices. Management restrictions can also be applied to reduce the attack footprint of the device when guest services are deployed.

Note

Access points utilize a single Management access policy. Ensure that all the intended administrative roles, permissions, authentication, and SNMP settings are correctly set. If an access point is functioning as a Virtual Controller, these are the access settings used by adopted access points of the same model as the Virtual Controller.

Note

Users must be given Telnet permission at the user level within a management policy for successful Remote CLI access and login. For more information, see Set Access Control Configuration.
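
The following is an added example, not part of the original documentation and not device configuration syntax. It models a management policy as a hypothetical Python dictionary (the field names, sample policies, and function names are assumptions) to show how the restrictions listed above combine: a login succeeds only when the service is enabled, the source host is permitted, and the user holds permission for that service.

```python
import ipaddress

CLEARTEXT = {"telnet", "http"}  # assumption: services flagged as insecure

# Constructed sample policies (hypothetical model, not device syntax).
OPEN_POLICY = {
    "services": ["telnet", "ssh", "http", "https", "snmp"],
    "allowed_sources": [],  # empty = unrestricted, as in the default
    "users": {"admin": {"access": ["ssh", "https"]}},
}
RESTRICTED_POLICY = {
    "services": ["ssh", "https"],
    "allowed_sources": ["10.20.0.0/24"],
    "users": {"admin": {"access": ["ssh", "https"]}},
}

def audit(policy):
    """List the restrictions from the text that the policy does not apply."""
    findings = []
    if not policy["allowed_sources"]:
        findings.append("unrestricted: any host can reach enabled services")
    for svc in sorted(CLEARTEXT & set(policy["services"])):
        findings.append(f"cleartext service enabled: {svc}")
    if not policy["users"]:
        findings.append("no management users defined")
    return findings

def can_login(policy, user, service, source_ip):
    """True only if service, source host and user permission all allow it."""
    if service not in policy["services"]:
        return False
    ip = ipaddress.ip_address(source_ip)
    sources = policy["allowed_sources"]
    if sources and not any(ip in ipaddress.ip_network(n) for n in sources):
        return False
    account = policy["users"].get(user)
    return account is not None and service in account["access"]

if __name__ == "__main__":
    for name, pol in (("open", OPEN_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, audit(pol))
    # Telnet is enabled in OPEN_POLICY, but admin lacks Telnet permission.
    print(can_login(OPEN_POLICY, "admin", "telnet", "203.0.113.7"))
```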