Can I prevent wireless users from logging into the Web interface

smsialane · ‎12-26-2006

With the Cisco 1100 AP's is there any way to prevent Wireless users from accessing the Telnet or HTTP administrations site.

We'd like this access available only to LAN client or even specific IP addresses.

Thanks,

m.sir · ‎12-27-2006

you can limit access to AP with access-list

Let we say only user with IP 192.168.10.10 can access AP

1.create standard ACL

AP(config)# access-list 10 permit host 192.168.10.10

Because the is an implicit deny on end of ACL only host 192.168.10.10 is valid host

2. Apply ACL to http access

AP(config)# ip http access-class 10

3. Access ACL to VTY (for telnet access)

AP(config)# line vty 0 4

AP(config-line)#access-class 10 in

M.

Hope that helps rate if it does

Richard Atkin · ‎01-20-2007

If it's a thin AP, there is a check-button you can push that prevents any wireless user from being able to administer the WLC.

HTH,

RA

smsialane · ‎01-20-2007

It is a 1120 with 802.11g modules.

Where in the web interface is this check box?

Richard Atkin · ‎01-21-2007

Select the 'Security' tab at the top of the WLC GUI, then 'Mgmt via Wireless' on the left.

Don't forget to hit apply ;o)

joch2joch · ‎08-31-2007

Hi all,

Sorry to re-ignite this issue, but I'm also interested in disabling mgmt over the wireless medium.

Let's say I have a Cisco AP1240G and no Wireless LAN Controllers, can I achieve the same result if I created an ACL that blocks all telnet/ssh traffic, and apply that ACL to all inbound traffic on the wireless interface?

E.G.

AP(config)# access-list 101 deny tcp any any eq 22

AP(config)# access-list 101 deny tcp any any eq 23

AP(config)# access-list 101 permit ip any any

AP(config)# interface dot11radio

AP(config)# ip access-group 101 in