topic wism2 mgmt via wireless in Wireless

wism2 mgmt via wireless

amar_5664 — Sun, 04 Jul 2021 03:50:04 GMT

Guys,

we have 2 WLCs deployed in a centralized architecture, i have disable management via wireless for both WLCs.

Apparently it only works for the one where client is connected to. If a client is associated to WLC1 they will not be able to https/ssh but still can ssh/https to other WLC. After browsing through have mixed answers that it is how cisco WLC works.

i would want to know how can i disable manamgent access to both WLCs regardless of client association. Is there a way other than introducing ACL/ACEs.

I would expect this feature to disable mgmt access over wireless to both WLCs but disappointed as it is open for any client to attack/logon other WLC.

wism2 mgmt via wireless

George Stefanick — Wed, 28 Sep 2011 03:07:06 GMT

Yea, I blogged about this... You arent suppose to ...

Q. With the Management via Wireless feature enabled on wireless LAN controllers (WLCs) in a mobility group, I can only access one WLC from that mobility group, but not all. Why?

A. This is an expected behavior. When enabled, the Management via Wireless feature allows a wireless client to reach or manage only the WLC to which its associated access point is registered. The client cannot manage other WLCs, even though these WLCs are in same mobility groups. This is implemented for security, and recently was tightened down to just the one WLC in order to limit exposure.
The Cisco WLAN Solution Management over Wireless feature allows Cisco WLAN Solution operators to monitor and configure local WLCs using a wireless client. This feature is supported for all management tasks, except uploads to and downloads from (transfers to and from) the WLC.
This can be enabled through the WLC CLI with the config network mgmt-via-wireless enable command.
On the GUI, click Management; from the left-hand side click Mgmt Via Wireless, and check the box Enable Controller Management to be accessible from Wireless Clients.
Note: When you enable this option, you can expose the data. Ensure that you have enabled a proper authentication and encryption scheme.

By blog post:

http://www.my80211.com/home/2011/3/6/wlc-management-via-wireless-did-you-know.html

This is a bug that hasnt been fixed based on all the info I researched a bit ago.

At this point, there isnt much you can do with and ACL or such that I can think of.

I hope this helps ...

wism2 mgmt via wireless

amar_5664 — Wed, 28 Sep 2011 04:22:20 GMT

it does help but i had no intention to repeat what you mentioned... mine is a question and concern directed to Cisco deveopers

mate what do you mean i am not suppose to... i am not bound to requestion something that is unanswered ... lol ..

anyways thanks for your help... please share the love if we find an acceptable response/solution from Cisco.... will be raising with my Cisco AM and respond on your blog champ....

Re: wism2 mgmt via wireless

George Stefanick — Wed, 28 Sep 2011 04:31:47 GMT

Wow, you mis read what I posted ... "

mate what do you mean i am not suppose to... i am not bound to requesting something that is unanswered"

I am stating this is a BUG. Did you read what I posted above. The issue you are having is not suppose to be that way ...

And thanks for the "champ" comment ... ungrateful people

gezzzzzz

wism2 mgmt via wireless

amar_5664 — Wed, 28 Sep 2011 04:34:33 GMT

my baddd... apologies champ...

too many things going on same time!!! i do appreciate your responses ...

Re: wism2 mgmt via wireless

Leo Laohoo — Wed, 28 Sep 2011 04:53:50 GMT

LOL!

Hey George,

What the heck are you still awake for???

Re: wism2 mgmt via wireless

George Stefanick — Wed, 28 Sep 2011 05:11:22 GMT

Yea, I know I need to hit the sack soon ...