Restrict management access to WLC5500

Answered Question
Dec 23rd, 2009

Hi all,
We've configured all our WLC5500 devices with a service port interface, which we are using for management and monitoring. Since in our situation the management interface is reachable from Office networks, this means that office clients have the ability to reach the logon screens of the WLC.


Is the only possibility to restrict access to the GUI/SSH ports to place an access ports on the management interface, or am I missing a secret command / button that will let me disable or restrict device management through the management interface?


In case I'm having to use an ACL on the WLC management interface, are there any known issues with denying access to the http/https/telnet/ssh ports and LWAPs trying to connect?


Thank you,
Leon

Correct Answer by Stephen Rodriguez about 7 years 5 months ago

You've hit it on the nose. You have to have an ACL that blocks the "non-admin" terminals from being able to http/https/telnet/ssh/snmp to the device. So long as you have the permit ip any any at the end of the ACL, you should have no issues, or explicitly allow udp 5246/5247.
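The rule ordering described in the answer, as an added example that is not part of the original thread: a small first-match model of the ACL (not WLC CLI syntax) that can be used to check a planned rule set before applying it. It assumes an implicit deny when no rule matches; the helper names and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Ports named in the answer: http/https/telnet/ssh over TCP, snmp over UDP.
MGMT = {"tcp": {22, 23, 80, 443}, "udp": {161}}
CAPWAP = {5246, 5247}  # udp 5246/5247, the ports the answer says to allow
ANY = "0.0.0.0/0"


def rule(action, proto, src, dports=None):
    return {"action": action, "proto": proto,
            "src": ipaddress.ip_network(src), "dports": dports}


def build_acl(admin_net, tail):
    """tail: 'permit_any', 'capwap_only', or 'none' (the broken variant)."""
    acl = []
    for proto, ports in MGMT.items():
        acl.append(rule("permit", proto, admin_net, ports))  # admin terminals
        acl.append(rule("deny", proto, ANY, ports))          # everyone else
    if tail == "permit_any":
        acl.append(rule("permit", "ip", ANY))
    elif tail == "capwap_only":
        acl.append(rule("permit", "udp", ANY, CAPWAP))
    return acl


def evaluate(acl, proto, src, dport):
    """Return the action of the first rule that matches the packet."""
    addr = ipaddress.ip_address(src)
    for r in acl:
        if r["proto"] not in ("ip", proto):
            continue
        if addr not in r["src"]:
            continue
        if r["dports"] is not None and dport not in r["dports"]:
            continue
        return r["action"]
    return "deny"  # assumption: implicit deny when nothing matches


if __name__ == "__main__":
    # Constructed sample hosts: admin terminal, office client, access point.
    ADMIN_NET, OFFICE, AP = "192.0.2.0/24", "198.51.100.20", "203.0.113.30"
    for tail in ("permit_any", "capwap_only", "none"):
        acl = build_acl(ADMIN_NET, tail)
        print(tail, "office->443:", evaluate(acl, "tcp", OFFICE, 443),
              "ap->5246:", evaluate(acl, "udp", AP, 5246))
```

The `none` variant shows the failure the answer warns about: with only the management deny rules and no trailing permit, the access point's udp 5246 traffic falls through to the implicit deny.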
