08-28-2007 03:55 AM - edited 07-03-2021 02:33 PM
Hi,
I heard that it is possible to disable AP management from wireless network, but was unable to find it from the Software Configuration Guide.
Can anybody advise? I'm referring to the Cisco AP1240G access points.
THANKSSSSSS!
Joseph
08-28-2007 08:32 AM
Hi Joseph,
config network mgmt-via-wireless disable
To enable Cisco Wireless LAN controller management from an associated wireless client, use the config network mgmt-via-wireless command.
From this doc;
http://www.cisco.com/en/US/docs/wireless/controller/4.0/command/reference/clic1.html#wp1324232
Hope this helps!
Rob
08-28-2007 05:45 PM
Hi all,
Thanks for the reply! But your suggestion only applies to the management of the wireless LAN controller, and not the access points themselves.
My environment does not have any wireless LAN controllers, only the 1240G access points. How do I stop associated clients from accessing the CLI/Web mgmt of the access points?
Hope this clarifies my original request.
Thanks all!
08-28-2007 09:20 AM
Hi Joseph,
In addition to Rob you can also try ,
GUI > Management > Mgmt via Wireless > Disable
Regards
~JG
08-29-2007 09:27 AM
Hi Joseph;
Have a look at this good answer to your question from Milan. He explains how to do this better that I ever could. Sorry for misunderstanding the original question :)
Hope this helps!
Rob
08-31-2007 01:39 AM
Hi Rob,
No need for apologies :)
Well, I had a look, but I wasn't that convinced because of 2 reasons:
- the ACL solution only permitted a certain IP to telnet/ssh. A wireless attacker can always spoof that same IP address
- the other solution required Wireless LAN Controllers, which I do not have
Anyway, here is the question that I re-posted on their thread:
********************************************
Hi all,
Sorry to re-ignite this issue, but I'm also interested in disabling mgmt over the wireless medium.
Let's say I have a Cisco AP1240G and no Wireless LAN Controllers, can I achieve the same result if I created an ACL that blocks all telnet/ssh traffic, and apply that ACL to all inbound traffic on the wireless interface?
E.G.
AP(config)# access-list 101 deny tcp any any eq 22
AP(config)# access-list 101 deny tcp any any eq 23
AP(config)# access-list 101 permit ip any any
AP(config)# interface dot11radio
AP(config)# ip access-group 101 in
As I don't have any AP with me, I wonder if anybody can verify these commands :P
********************************************
THANKSSSS!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide