Disabling AP management from wireless network

Unanswered Question
Aug 28th, 2007

Hi,


I heard that it is possible to disable AP management from wireless network, but was unable to find it from the Software Configuration Guide.


Can anybody advise? I'm referring to the Cisco AP1240G access points.


THANKSSSSSS!


Joseph

Rob Huffman Tue, 08/28/2007 - 08:32

Hi Joseph,


config network mgmt-via-wireless disable


To enable Cisco Wireless LAN controller management from an associated wireless client, use the config network mgmt-via-wireless command.


From this doc:


http://www.cisco.com/en/US/docs/wireless/controller/4.0/command/reference/clic1.html#wp1324232


Hope this helps!

Rob

joch2joch Tue, 08/28/2007 - 17:45

Hi all,


Thanks for the reply! But your suggestion only applies to the management of the wireless LAN controller, and not the access points themselves.


My environment does not have any wireless LAN controllers, only the 1240G access points. How do I stop associated clients from accessing the CLI/Web mgmt of the access points?


Hope this clarifies my original request.



Thanks all!


Jagdeep Gambhir Tue, 08/28/2007 - 09:20

Hi Joseph,

In addition to Rob, you can also try:


GUI > Management > Mgmt via Wireless > Disable



Regards

~JG

Rob Huffman Wed, 08/29/2007 - 09:27

Hi Joseph;


Have a look at this good answer to your question from Milan. He explains how to do this better than I ever could. Sorry for misunderstanding the original question :)


http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddd1f07/0#selected_message


Hope this helps!

Rob

joch2joch Fri, 08/31/2007 - 01:39
User Badges:

Hi Rob,


No need for apologies :)


Well, I had a look, but I wasn't that convinced because of 2 reasons:

- the ACL solution only permitted a certain IP to telnet/ssh. A wireless attacker can always spoof that same IP address

- the other solution required Wireless LAN Controllers, which I do not have



Anyway, here is the question that I re-posted on their thread:


********************************************

Hi all,


Sorry to re-ignite this issue, but I'm also interested in disabling mgmt over the wireless medium.


Let's say I have a Cisco AP1240G and no Wireless LAN Controllers, can I achieve the same result if I created an ACL that blocks all telnet/ssh traffic, and apply that ACL to all inbound traffic on the wireless interface?


E.G.

AP(config)# access-list 101 deny tcp any any eq 22
AP(config)# access-list 101 deny tcp any any eq 23
AP(config)# access-list 101 permit ip any any

AP(config)# interface dot11radio 0
AP(config-if)# ip access-group 101 in


As I don't have any AP with me, I wonder if anybody can verify these commands :P


********************************************


THANKSSSS!
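
Added example (not part of the thread and not Cisco code): a small Python check that reads an AP configuration and reports which management ports wireless clients can still reach past the inbound ACL on each radio interface. It assumes the radio-interface ACL approach from the last post, treats ports 80/443 as the web management ports, and parses only the `any any` entry form used there; the sample config and all function names are constructed for illustration.

```python
import re

# Management ports: SSH/Telnet from the post; 80/443 assumed for web management.
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https"}
# Constructed sample: the ACL from the post bound to a radio interface.
SAMPLE_CONFIG = """\
access-list 101 deny tcp any any eq 22
access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any
interface Dot11Radio0
 ip access-group 101 in
"""

# Only numbered ACL entries of the "any any" form used in the post are parsed.
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (\S+) any any(?: eq (\d+))?[ \t]*$", re.M)
IFACE_RE = re.compile(r"^interface (Dot11Radio\S*)[ \t]*$((?:\n[ \t]+.*)*)", re.M | re.I)
GROUP_RE = re.compile(r"^[ \t]+ip access-group (\d+) in[ \t]*$", re.M)

def parse_acls(config):
    """Return {acl_number: [(action, protocol, port_or_None), ...]} in config order."""
    acls = {}
    for num, action, proto, port in ACL_RE.findall(config):
        acls.setdefault(num, []).append((action, proto, int(port) if port else None))
    return acls

def radio_inbound_acls(config):
    """Map each Dot11Radio interface to its inbound ACL number, or None."""
    out = {}
    for name, body in IFACE_RE.findall(config):
        m = GROUP_RE.search(body)
        out[name] = m.group(1) if m else None
    return out

def exposed_ports(entries):
    """Management ports whose first matching entry is a permit (no match = implicit deny)."""
    exposed = []
    for port in MGMT_PORTS:
        hit = next((a for a, p, eq in entries
                    if p in ("tcp", "ip") and eq in (None, port)), None)
        if hit == "permit":
            exposed.append(port)
    return exposed

def audit(config):
    """Return {radio_interface: [management ports still reachable from wireless]}."""
    acls = parse_acls(config)
    # Assumption: a radio with no access-group, or an undefined ACL, is unfiltered.
    return {ifc: exposed_ports(acls[acl]) if acl in acls else list(MGMT_PORTS)
            for ifc, acl in radio_inbound_acls(config).items()}
```

Run on the ACL from the post, `audit(SAMPLE_CONFIG)` reports ports 80 and 443 for `Dot11Radio0`, because only Telnet and SSH are denied before the final permit.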


