Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
244
Views
2
Helpful
3
Replies

How to disable SSH on Cisco Aironet 28xx

Go to solution
bvj197222
Level 1
Level 1

‎10-30-2024 04:23 AM - edited ‎10-30-2024 04:24 AM

All of my AP's have SSH enabled:

xxx#sh running-config
AP Name : xxx-AP1
Admin State : Enabled
AP Mode : FlexConnect
AP Submode : Not Configured
Location : xxx
Primary controller name : XXXWLCXXXX
Primary controller IP : x.x.x.x
Secondary controller name :
Tertiary controller name :
Controller from DHCP offer : x.x.x.x
AP join priority : 1
IP Prefer-mode : IPv4
CAPWAP UDP-Lite : Unconfigured
Last Joined Controller name: XXXXXXXX
DTLS Encryption State : Disabled
Discovery Timer : 10
Heartbeat Timer : 30
CDP State : Enabled
Watchdog monitoring : Enabled
IOX : Disabled
RRM State : Enabled
LSC State : Disabled
SSH State : Enabled
AP Username : admin
Session Timeout : 300
Extlog Host : 255.255.255.255
Extlog Flags : 0
Extlog Status Interval : 0
Syslog Host : 255.255.255.255
Syslog Facility : 0
Syslog Level : informational
Core Dump File Compression : Disabled
Core Dump Filename :
Client Trace Status : Enabled(All)
Client Trace All Clients : Enabled
Client Trace Filter : 0x0000000E
Client Trace Out ConsoleLog: Disabled
AP WSA Mode : Disabled
Auxiliary-client Interface : Disabled

For security reasons I want to disable SSH on AP's, but I don't know how? Been reading various articles but all of them requires me logging into the AP and do it manually. We have more than 200 AP's so that's not an option. It must be possible to turn it off on the WLC? We're running Cisco Catalyst 9800-CL Wireless Controller, ver 17.9.4a

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
marce1000
VIP
VIP

‎10-30-2024 04:28 AM

 

  - Somewhere in the AP Join profile , this access can be specified and or disabled too (together with telnet)
     don't know the exact menu for the moment , guess you can find it quickly , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

0 Helpful
3 Replies 3

Go to solution
marce1000
VIP
VIP

‎10-30-2024 04:28 AM

 

  - Somewhere in the AP Join profile , this access can be specified and or disabled too (together with telnet)
     don't know the exact menu for the moment , guess you can find it quickly , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
bvj197222
Level 1
Level 1
In response to marce1000

‎10-30-2024 04:46 AM

You're absolutely right: 

bvj197222_0-1730288752528.png

 

Go to solution
marce1000
VIP
VIP

‎10-30-2024 04:40 AM

 

   - From CLI that would be :
                 config #  ap profile  <your-ap-profle-here>
                                    no ssh
                                    exit

                (don't forget to save the configuration)

 M. 



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card