Solved: Is it possible to disable weak SSH ciphers on capwap AP 3702i?

Ondrej Caha · ‎01-15-2021

Hello,

we have 3702i APs managed by 5508 WLC on 8.5.161.0 code and we have enabled SSH on APs. Is it also possible to disable weak ciphers (e.g. md5, HMAC ) on these APs ?

Thanks a lot

Ondrej

Scott Fella · ‎01-15-2021

I know you can enable high cipher on the controller, don’t know about the AP’s itself, but you could always disable ssh until you need it.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/administration_of_cisco_wlc.html

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎01-15-2021

I know you can enable high cipher on the controller, don’t know about the AP’s itself, but you could always disable ssh until you need it.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/administration_of_cisco_wlc.html

-Scott
*** Please rate helpful posts ***

yprasannas · ‎03-13-2024

Anyone found a solution related to disable weak ciphers for APs?

Disabling SSH on APs when needed has a negative impact...when AP has issues connecting to WLC we cannot SSH because it already has SSH disabled so when you need SSH to APs this option would block the access.

Thanks for your suggestions!

Prasanna

Cisco_OST · ‎06-04-2024

I can't get a confidante Cisco TAC engineer to tell me if this is possible or not when the APs are in controller mode.