Enable Controller Management From Wireless Clients

Puneet Gupta
Level 1

Hi

We have three SSIDs:

CORP SSID

GUEST SSID

MGMT SSID

I want to know: the client wants controller access from the MGMT SSID, where all the IT guys are sitting on their wireless laptops, and at the same time they do not want controller access from the other SSIDs, that is, for corp and guest users.

If I check this, all the SSIDs are able to get controller access, and if I uncheck this, no wireless user is able to get access to the controller.

Is there any way to give controller access to MGMT wireless users only?

Thanks.....


6 Replies

Scott Fella
Hall of Fame

Not really, because if you have another WLC and users are connected to APs on WLC2, they can access WLC1. The only way is to set up an ACL to only allow subnets to access the WLC management IP.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Hi Scott

Thanks for the reply

Do I need to create the ACL on the controller or on the core switches where the VLANs are created?

You can do it on either... I prefer on the core than on the WLC, but that's up to you.

Thanks,

Scott


Scott Fella
Hall of Fame

Here is the other thing I see a lot. What about your corp SSID? Are users on that subnet able to get to your management devices like servers or switches? This is why I prefer to use ACLs on the core. You have a dedicated management VLAN in which you have access to everything, but the other subnets, including wired, need to have ACLs in place or else wired users can access the WLC also. Makes sense?


Hi Scott

No, CORP and GUEST are not allowed to get network device access, and we restricted the access through an ACL on the core switches, applied on the VTY.

This is only for controller access: every single wireless user is able to get WLC access irrespective of SSID.

The GUEST SSID is using web authentication and CORP is using certificate-based authentication. If I make the ACL and put the WLC IP in the deny list, then the WLC GUEST redirect page does not come up on the guest machine.

So I want to know which port I need to block so that guests do not get access to the WLC?

Well, if you're using a guest anchor, the WLC is in the DMZ so there wouldn't be any routing back. But if you're not anchoring the SSID, then maybe look at using a CPU ACL on the WLC.

Thanks,

Scott

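Added example, not part of the thread and not Cisco tooling: a small first-match ACL model for checking a candidate ACL (core switch or CPU ACL) against the access matrix discussed above before it is deployed. The subnets, WLC address, management port list and `OTHER_PORT` are constructed assumptions, since the thread states none of them; non-management traffic to the WLC is treated as required because the poster reports that a blanket deny broke the guest redirect page.

```python
import ipaddress

# Constructed addressing: the thread gives no subnets or WLC address.
ANY = ipaddress.ip_network("0.0.0.0/0")
WLC = ipaddress.ip_network("10.0.99.10/32")
SUBNETS = {name: ipaddress.ip_network(cidr) for name, cidr in
           [("MGMT", "10.0.10.0/24"), ("CORP", "10.0.20.0/24"), ("GUEST", "10.0.30.0/24")]}
MGMT_PORTS = (22, 23, 80, 443)  # assumed management services: SSH, Telnet, HTTP, HTTPS
OTHER_PORT = 8080               # constructed stand-in for non-management traffic

def rule(action, src, dst, ports=None):
    """One ACL entry (TCP only in this model); ports=None matches every port."""
    return (action, src, dst, ports)

def evaluate(acl, src_ip, dst_ip, port):
    """First-match evaluation, ending in the implicit deny."""
    for action, src, dst, ports in acl:
        if src_ip in src and dst_ip in dst and (ports is None or port in ports):
            return action
    return "deny"

def violations(acl):
    """Return (ssid, port, action) for every flow that contradicts the intent:
    only MGMT reaches management ports; other traffic to the WLC still passes."""
    bad = []
    for name, net in SUBNETS.items():
        host = net[1]  # one sample client per SSID subnet
        for port in MGMT_PORTS + (OTHER_PORT,):
            action = evaluate(acl, host, WLC.network_address, port)
            if port in MGMT_PORTS and name != "MGMT":
                want = "deny"
            else:
                want = "permit"
            if action != want:
                bad.append((name, port, action))
    return bad

# Three candidate ACLs: none, deny the whole WLC address, deny management ports only.
NO_ACL = [rule("permit", ANY, ANY)]
BLANKET = [rule("permit", SUBNETS["MGMT"], WLC),
           rule("deny", ANY, WLC),
           rule("permit", ANY, ANY)]
SCOPED = [rule("permit", SUBNETS["MGMT"], WLC),
          rule("deny", ANY, WLC, MGMT_PORTS),
          rule("permit", ANY, ANY)]

if __name__ == "__main__":
    for label, acl in [("no ACL", NO_ACL), ("blanket deny", BLANKET), ("port-scoped", SCOPED)]:
        print(label, violations(acl))
```

Replace the constructed values with the real subnets and the ports the guest flow actually uses before relying on the result.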