08-27-2019 03:48 AM - edited 07-05-2021 10:54 AM
Hi to all,
I use C3702e (autonomous mode) and C1852e (Mobility Express) device to have Wifi are in my house.
I notice that C1852e use Mobility Express, it seems that all setup can be done through webinterface.
But for security reason, i don't want to allow someone to be able to reach it through the AP in WIFI.
Does it can be possible to block 1852e web interface access for the personne connected to this AP ?
Best Regards.
08-27-2019 06:33 AM
08-27-2019 09:14 AM - edited 08-27-2019 09:35 AM
I use 3702e and 1852e to have wifi "everywhere" in my house.
Each AP has the same name, the goal is to don't loose connection if move from one AP to another when i move from first floor to second.
If i change my 3702e from Autonomous mode to lightweight, i think that i will loose this possibility?
If remember in lightweight mode, two AP can have this possibility?
What does it bring to manage 3702 from 1852?
I use the command line (didn't fiond option from WebUI).
It avoid anyone who is connected to AP in Wifi or from the LAN used by the AP.
I was thinking that it just limit person connected through Wifi, but it's the same for wired person on the same LAN.
It can be usefull when the setup is finished.
Many thanks in advance for your advise.
08-27-2019 10:39 PM
I just checked the manuals again. To connect the 3700 with the 1850 series, you need to be running 8.8.125.0 on both (or any older 8.8 release):
Currently you actually loose the connection, because you can't seamlessly roam between the two APs (they don't know of the used crypto keys, that are exchanged in the WPA2 encryption), unless you don't use any encryption.
09-06-2020 03:11 AM
Hi,
I purchase new AP C9120AXE converted to EWC.
This command does no more work to avoid access to management UI via wireless : config network mgmt-via-wireless disable
Do you know the new command to use please ?
Many thanks in advance.
09-06-2020 03:23 AM
09-06-2020 04:47 AM - edited 09-06-2020 08:27 AM
I retrieve the command with this page https://www.cisco.com/c/en/us/td/docs/wireless/controller/5700/software/release/3se/command_mapping/b_migr_3se_5700_mg/b_migr_32se_5700_mg_chapter_010.html
Previous command = config network mgmt-via-wireless disable
New command (IOS XE) = no wireless mgmt-via-wireless
I make
> conf t
> no wireless mgmt-via-wireless
> exit
> wr mem
> copy run start
No effect and i don't retrieve the command with show conf....
Is there a subtlety? a particular way to use it?
I don't have error when i enter it after a "conf t".
Please advise.
09-06-2020 09:12 AM
09-06-2020 09:48 AM
I already see this web link.
How can i open a Tac case ?
Does i need to have licence to open Tac case ?
09-06-2020 10:05 AM
I reply to myselft :)
I need contact to open Tac Case, so it's dead to go any further.
So this bug will never be solved unless someone tells them about it or discovers it.
It's huge that something like that would go unnoticed.
09-06-2020 10:27 AM
09-06-2020 10:47 AM
09-06-2020 12:14 PM - edited 09-06-2020 12:15 PM
No present at all if i fo a show conf ...
No reaction when i enter it like this wireless mgmt-via-wireless OR no wireless mgmt-via-wireless
If i do a show run | in wireless mgmt-via-wireless, it's didn't return anything because it's not present.
I have both C9120AXE, same things, i use the lastest firmware/IOS
09-06-2020 12:27 PM
09-06-2020 10:30 PM - edited 09-06-2020 10:32 PM
I don't have the courage to downgrade the firmware to fix this bug.
I'm surprised that a security setting like this doesn't work.
I'll do without it and hope that future updates will fix this problem.
My IOS version was 17.3.1 too.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide