Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
570
Views
10
Helpful
5
Replies

Disabling AP management from wireless network

joch2joch
Level 1
Level 1

‎08-28-2007 03:55 AM - edited ‎07-03-2021 02:33 PM

Hi,

I heard that it is possible to disable AP management from wireless network, but was unable to find it from the Software Configuration Guide.

Can anybody advise? I'm referring to the Cisco AP1240G access points.

THANKSSSSSS!

Joseph

Labels:
0 Helpful
5 Replies 5

Rob Huffman
Hall of Fame
Hall of Fame

‎08-28-2007 08:32 AM

Hi Joseph,

config network mgmt-via-wireless disable

To enable Cisco Wireless LAN controller management from an associated wireless client, use the config network mgmt-via-wireless command.

From this doc;

http://www.cisco.com/en/US/docs/wireless/controller/4.0/command/reference/clic1.html#wp1324232

Hope this helps!

Rob

joch2joch
Level 1
Level 1
In response to Rob Huffman

‎08-28-2007 05:45 PM

Hi all,

Thanks for the reply! But your suggestion only applies to the management of the wireless LAN controller, and not the access points themselves.

My environment does not have any wireless LAN controllers, only the 1240G access points. How do I stop associated clients from accessing the CLI/Web mgmt of the access points?

Hope this clarifies my original request.

Thanks all!

0 Helpful

Jagdeep Gambhir
Level 10
Level 10

‎08-28-2007 09:20 AM

Hi Joseph,

In addition to Rob you can also try ,

GUI > Management > Mgmt via Wireless > Disable

Regards

~JG

Rob Huffman
Hall of Fame
Hall of Fame

‎08-29-2007 09:27 AM

Hi Joseph;

Have a look at this good answer to your question from Milan. He explains how to do this better that I ever could. Sorry for misunderstanding the original question :)

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddd1f07/0#selected_message

Hope this helps!

Rob

0 Helpful

joch2joch
Level 1
Level 1
In response to Rob Huffman

‎08-31-2007 01:39 AM

Hi Rob,

No need for apologies :)

Well, I had a look, but I wasn't that convinced because of 2 reasons:

- the ACL solution only permitted a certain IP to telnet/ssh. A wireless attacker can always spoof that same IP address

- the other solution required Wireless LAN Controllers, which I do not have

Anyway, here is the question that I re-posted on their thread:

********************************************

Hi all,

Sorry to re-ignite this issue, but I'm also interested in disabling mgmt over the wireless medium.

Let's say I have a Cisco AP1240G and no Wireless LAN Controllers, can I achieve the same result if I created an ACL that blocks all telnet/ssh traffic, and apply that ACL to all inbound traffic on the wireless interface?

E.G.

AP(config)# access-list 101 deny tcp any any eq 22

AP(config)# access-list 101 deny tcp any any eq 23

AP(config)# access-list 101 permit ip any any

AP(config)# interface dot11radio

AP(config)# ip access-group 101 in

As I don't have any AP with me, I wonder if anybody can verify these commands :P

********************************************

THANKSSSS!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card