Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Can I prevent wireless users from logging into the Web interface

With the Cisco 1100 AP's is there any way to prevent Wireless users from accessing the Telnet or HTTP administrations site.

We'd like this access available only to LAN client or even specific IP addresses.

Thanks,

5 REPLIES
Gold

Re: Can I prevent wireless users from logging into the Web inter

you can limit access to AP with access-list

Let we say only user with IP 192.168.10.10 can access AP

1.create standard ACL

AP(config)# access-list 10 permit host 192.168.10.10

Because the is an implicit deny on end of ACL only host 192.168.10.10 is valid host

2. Apply ACL to http access

AP(config)# ip http access-class 10

3. Access ACL to VTY (for telnet access)

AP(config)# line vty 0 4

AP(config-line)#access-class 10 in

M.

Hope that helps rate if it does

Re: Can I prevent wireless users from logging into the Web inter

If it's a thin AP, there is a check-button you can push that prevents any wireless user from being able to administer the WLC.

HTH,

RA

Community Member

Re: Can I prevent wireless users from logging into the Web inter

It is a 1120 with 802.11g modules.

Where in the web interface is this check box?

Re: Can I prevent wireless users from logging into the Web inter

Select the 'Security' tab at the top of the WLC GUI, then 'Mgmt via Wireless' on the left.

Don't forget to hit apply ;o)

Community Member

Re: Can I prevent wireless users from logging into the Web inter

Hi all,

Sorry to re-ignite this issue, but I'm also interested in disabling mgmt over the wireless medium.

Let's say I have a Cisco AP1240G and no Wireless LAN Controllers, can I achieve the same result if I created an ACL that blocks all telnet/ssh traffic, and apply that ACL to all inbound traffic on the wireless interface?

E.G.

AP(config)# access-list 101 deny tcp any any eq 22

AP(config)# access-list 101 deny tcp any any eq 23

AP(config)# access-list 101 permit ip any any

AP(config)# interface dot11radio

AP(config)# ip access-group 101 in

240
Views
10
Helpful
5
Replies
CreatePlease to create content