07-19-2013 05:51 AM - edited 07-04-2021 12:28 AM
Hello All,
I am testing my wireless network. I used a third-party tool and found that ports 443 and 22 are still open on the Dynamic Interface IP of the controller. When a guest user has gained access and tries the interface IP, it shows the Username: prompt and closes.
Can we restrict it by using an ACL? I tried an ACL but had no luck.
Any help here?
07-19-2013 05:59 AM
I believe that you need to create a CPU ACL to stop this.
Steve
07-19-2013 06:30 AM
Many thanks for your reply.
Can you please guide me here on how to deny 443 on the dynamic interface IP?
07-19-2013 06:40 AM
Here are some guides that will explain how:
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080a7c988.shtml
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
07-19-2013 06:44 AM
OMG... I did it wrongly, I guess.
All my access to the WLC is gone now. It looks like I have not permitted any any in the ACL.
What can I do?
07-19-2013 07:12 AM
Reboot, and/or attach to the console port and remove the ACL from the interface and CPU.
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
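The lockout described above happens because an ACL ends in an implicit deny: once any rule list is applied, every flow that no rule permits is dropped. The following is an added example, not code from the thread or from Cisco, that models first-match evaluation and checks a draft rule list against the flows that must keep working before it is applied. All addresses are constructed documentation-range values, and the mobility flow is assumed to be UDP.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str                # "permit" or "deny"
    proto: str                 # "tcp", "udp" or "any"
    src: str                   # source network in CIDR form
    dst: str                   # destination network in CIDR form
    dports: tuple = (0, 65535) # inclusive destination port range

def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins; no match falls through to the implicit deny."""
    for r in rules:
        if (r.proto in ("any", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.dports[0] <= dport <= r.dports[1]):
            return r.action
    return "deny"

def preflight(rules, must_permit, must_deny):
    """Return (flow, wanted, got) for every flow the draft ACL gets wrong."""
    problems = []
    for want, flows in (("permit", must_permit), ("deny", must_deny)):
        for flow in flows:
            got = evaluate(rules, *flow)
            if got != want:
                problems.append((flow, want, got))
    return problems

# Constructed sample addresses (hypothetical, documentation ranges)
GUEST, DYN_IP = "192.0.2.77", "192.0.2.10"        # guest client, dynamic interface
ADMIN, MGMT_IP, PEER = "203.0.113.20", "198.51.100.5", "198.51.100.6"

# Draft that denies the two ports but has no trailing permit (the lockout case)
BROKEN = [Rule("deny", "tcp", "192.0.2.0/24", DYN_IP + "/32", (443, 443)),
          Rule("deny", "tcp", "192.0.2.0/24", DYN_IP + "/32", (22, 22))]
# Same draft with an explicit permit-any as the last rule
FIXED = BROKEN + [Rule("permit", "any", "0.0.0.0/0", "0.0.0.0/0")]

MUST_PERMIT = [("tcp", ADMIN, MGMT_IP, 443), ("tcp", ADMIN, MGMT_IP, 22),
               ("udp", PEER, MGMT_IP, 16666)]     # mobility port, UDP assumed
MUST_DENY = [("tcp", GUEST, DYN_IP, 443), ("tcp", GUEST, DYN_IP, 22)]

if __name__ == "__main__":
    for name, acl in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, preflight(acl, MUST_PERMIT, MUST_DENY))
```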
07-19-2013 07:38 AM
Yeah... I rebooted it... fortunately I didn't save it... got access back... thanks for your care...
The CPU ACL resolved my previous issue. Now I am not getting 443 and 22 as open in my tool, but two new ports, 444 and 161113, are shown as open.
How is that?
07-19-2013 07:45 AM
16666 is the 'mobility' port, it's what the WLC uses to communicate with other members of the Mobility Group.
For the most part, if you haven't enabled management-via-wireless and/or management-via-dynamic-interface you don't really need to worry about it.
The underlying *nix OS is what initially answers, but the actual application will kill the session.
HTH,
Steve
07-19-2013 07:47 AM
I got it Stephen ... Thanks a lot for your time..