Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1120
Views
0
Helpful
6
Replies

wism2 mgmt via wireless

Go to solution
amar_5664
Level 1
Level 1

‎09-27-2011 07:55 PM - edited ‎07-03-2021 08:50 PM

Guys,

we have 2 WLCs deployed in a centralized architecture, i have disable management via wireless for both WLCs.

Apparently it only works for the one where client is connected to. If a  client is associated to WLC1 they will not be able to https/ssh but still can ssh/https to other WLC. After browsing through have mixed answers that it is how cisco WLC works.

i would want to know how can i disable manamgent access to both WLCs regardless of client association. Is there a way other than introducing ACL/ACEs.

I would expect this feature to disable mgmt access over wireless to both WLCs but disappointed as it is open for any client to attack/logon other WLC. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎09-27-2011 08:07 PM

Yea, I blogged about this... You arent suppose to ...

Q. With the Management via  Wireless feature enabled on wireless LAN controllers (WLCs) in a  mobility group, I can only access one WLC from that mobility group, but  not all. Why?



A. This is an expected behavior. When enabled, the Management  via Wireless feature allows a wireless client to reach or manage only  the WLC to which its associated access point is registered. The client  cannot manage other WLCs, even though these WLCs are in same mobility  groups. This is implemented for security, and recently was tightened  down to just the one WLC in order to limit exposure.

The Cisco WLAN Solution Management over Wireless feature allows Cisco  WLAN Solution operators to monitor and configure local WLCs using a  wireless client. This feature is supported for all management tasks,  except uploads to and downloads from (transfers to and from) the WLC.

This can be enabled through the WLC CLI with the config network mgmt-via-wireless enable command.

On the GUI, click Management; from the left-hand side click Mgmt Via Wireless, and check the box Enable Controller Management to be accessible from Wireless Clients.

Note: When you enable this option, you can expose the data.  Ensure that you have enabled a proper authentication and encryption  scheme.

By blog post:

http://www.my80211.com/home/2011/3/6/wlc-management-via-wireless-did-you-know.html

This is a bug that hasnt been fixed based on all the info I researched a bit ago.

At this point, there isnt much you can do with and ACL or such that I can think of.

I hope this helps ...

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

0 Helpful
6 Replies 6

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎09-27-2011 08:07 PM

Yea, I blogged about this... You arent suppose to ...

Q. With the Management via  Wireless feature enabled on wireless LAN controllers (WLCs) in a  mobility group, I can only access one WLC from that mobility group, but  not all. Why?



A. This is an expected behavior. When enabled, the Management  via Wireless feature allows a wireless client to reach or manage only  the WLC to which its associated access point is registered. The client  cannot manage other WLCs, even though these WLCs are in same mobility  groups. This is implemented for security, and recently was tightened  down to just the one WLC in order to limit exposure.

The Cisco WLAN Solution Management over Wireless feature allows Cisco  WLAN Solution operators to monitor and configure local WLCs using a  wireless client. This feature is supported for all management tasks,  except uploads to and downloads from (transfers to and from) the WLC.

This can be enabled through the WLC CLI with the config network mgmt-via-wireless enable command.

On the GUI, click Management; from the left-hand side click Mgmt Via Wireless, and check the box Enable Controller Management to be accessible from Wireless Clients.

Note: When you enable this option, you can expose the data.  Ensure that you have enabled a proper authentication and encryption  scheme.

By blog post:

http://www.my80211.com/home/2011/3/6/wlc-management-via-wireless-did-you-know.html

This is a bug that hasnt been fixed based on all the info I researched a bit ago.

At this point, there isnt much you can do with and ACL or such that I can think of.

I hope this helps ...

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Go to solution
amar_5664
Level 1
Level 1
In response to George Stefanick

‎09-27-2011 09:22 PM

it does help but i had no intention to repeat what you mentioned... mine is a question and concern directed to Cisco deveopers

mate what do you mean i am not suppose to... i am not bound to requestion something that is unanswered ... lol ..

anyways thanks for your help... please share the love if we find an acceptable response/solution from Cisco.... will be raising with my Cisco AM and respond on your blog champ....

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to amar_5664

‎09-27-2011 09:31 PM

Wow, you mis read what I posted ... "

mate what do you mean i am not suppose to... i am not bound to requesting something that is unanswered"

I am stating this is a BUG. Did you read what I posted above. The issue you are having is not suppose to be that way ...

And thanks for the "champ" comment ...  ungrateful people

gezzzzzz

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Go to solution
amar_5664
Level 1
Level 1
In response to George Stefanick

‎09-27-2011 09:34 PM

my baddd... apologies champ...

too many things going on same time!!! i do appreciate your responses ...

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to George Stefanick

‎09-27-2011 09:53 PM

LOL!

Hey George,

What the heck are you still awake for???

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to Leo Laohoo

‎09-27-2011 10:11 PM

Yea, I know I need to hit the sack soon ...

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card