12-26-2006 01:47 PM - edited 07-03-2021 01:25 PM
With the Cisco 1100 AP's is there any way to prevent Wireless users from accessing the Telnet or HTTP administrations site.
We'd like this access available only to LAN client or even specific IP addresses.
Thanks,
12-27-2006 03:54 AM
you can limit access to AP with access-list
Let we say only user with IP 192.168.10.10 can access AP
1.create standard ACL
AP(config)# access-list 10 permit host 192.168.10.10
Because the is an implicit deny on end of ACL only host 192.168.10.10 is valid host
2. Apply ACL to http access
AP(config)# ip http access-class 10
3. Access ACL to VTY (for telnet access)
AP(config)# line vty 0 4
AP(config-line)#access-class 10 in
M.
Hope that helps rate if it does
01-20-2007 05:18 AM
If it's a thin AP, there is a check-button you can push that prevents any wireless user from being able to administer the WLC.
HTH,
RA
01-20-2007 11:07 AM
It is a 1120 with 802.11g modules.
Where in the web interface is this check box?
01-21-2007 02:01 AM
Select the 'Security' tab at the top of the WLC GUI, then 'Mgmt via Wireless' on the left.
Don't forget to hit apply ;o)
08-31-2007 01:35 AM
Hi all,
Sorry to re-ignite this issue, but I'm also interested in disabling mgmt over the wireless medium.
Let's say I have a Cisco AP1240G and no Wireless LAN Controllers, can I achieve the same result if I created an ACL that blocks all telnet/ssh traffic, and apply that ACL to all inbound traffic on the wireless interface?
E.G.
AP(config)# access-list 101 deny tcp any any eq 22
AP(config)# access-list 101 deny tcp any any eq 23
AP(config)# access-list 101 permit ip any any
AP(config)# interface dot11radio
AP(config)# ip access-group 101 in
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide