Restricting access to management webui/cli ME

leonarit
Level 1

Hi!


I've been managing Cisco AireOS (ME, non-ME) setups for several years and I never had to restrict access to the management webui or cli until now.


I've done some searches on the internet and Cisco docs and found the CPU ACL feature.


Using an 1815i with the latest available image, 8.10.196, I configured a simple ACL to allow access to 1 source only, but when I try to apply the ACL I receive an error.

 

(Cisco Controller) >config acl cpu mgmt1
Failed in adding cpu acl rule
Failed in adding cpu acl rule
Failed in adding cpu acl rule


ACL "mgmt1" config:

Index  Dir  Source IP Address/Netmask         Destination IP Address/Netmask  Prot  Source Port Range  Dest Port Range  DSCP  Action  Counter
1      Any  192.168.1.225 / 255.255.255.255   0.0.0.0/0.0.0.0                 Any   0-65535            0-65535          Any   Permit  0
2      Any  0.0.0.0 / 0.0.0.0                 0.0.0.0/0.0.0.0                 Any   0-65535            0-65535          Any   Deny    0

 

Also tried to apply the ACL directly to the management interface (config interface acl management) but didn't notice any change in the management traffic behavior.


I would like to check with this community if anyone has ever tried to restrict access to the webui/cli management in AireOS (standard or ME).


I know that AireOS is a "dead" platform regarding bug fixes but maybe I will also ask for help from the support team.


Regards.



1 Reply

balaji.bandi
Hall of Fame

I am afraid that is supported command for ME, that can only work for WLC.

 

BB
