Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Restrict management access to WLC5500

Hi all,
We've configured all our WLC5500 devices with a service port interface, which we are using for management and monitoring. Since in our situation the management interface is reachable from Office networks, this means that office clients have the ability to reach the logon screens of the WLC.

Is the only possibility to restrict access to the GUI/SSH ports to place an access ports on the management interface, or am I missing a secret command / button that will let let me disable or restrict device management through the management interface?

In case I'm having to use a ACL on the WLC management interface, are there any known issues with denying access to the  http/https/telnet/ssh ports and LWAPs trying to connect?


Thank you,
Leon

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Restrict management access to WLC5500

You've hit it on the nose.  you have to have an ACL that blocks the "non-admin" terminals from being able to http/https/telnet/ssh/snmp to the device.  so long as you have the permit ip any any at the end of the ACL, you should have no issues, or explicitly allow udp 5246/5247

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
1 REPLY

Re: Restrict management access to WLC5500

You've hit it on the nose.  you have to have an ACL that blocks the "non-admin" terminals from being able to http/https/telnet/ssh/snmp to the device.  so long as you have the permit ip any any at the end of the ACL, you should have no issues, or explicitly allow udp 5246/5247

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
509
Views
0
Helpful
1
Replies
CreatePlease login to create content