Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Disabling AP management from wireless network

Hi,

I heard that it is possible to disable AP management from wireless network, but was unable to find it from the Software Configuration Guide.

Can anybody advise? I'm referring to the Cisco AP1240G access points.

THANKSSSSSS!

Joseph

5 REPLIES
Hall of Fame Super Red

Re: Disabling AP management from wireless network

Hi Joseph,

config network mgmt-via-wireless disable

To enable Cisco Wireless LAN controller management from an associated wireless client, use the config network mgmt-via-wireless command.

From this doc;

http://www.cisco.com/en/US/docs/wireless/controller/4.0/command/reference/clic1.html#wp1324232

Hope this helps!

Rob

New Member

Re: Disabling AP management from wireless network

Hi all,

Thanks for the reply! But your suggestion only applies to the management of the wireless LAN controller, and not the access points themselves.

My environment does not have any wireless LAN controllers, only the 1240G access points. How do I stop associated clients from accessing the CLI/Web mgmt of the access points?

Hope this clarifies my original request.

Thanks all!

Re: Disabling AP management from wireless network

Hi Joseph,

In addition to Rob you can also try ,

GUI > Management > Mgmt via Wireless > Disable

Regards

~JG

Hall of Fame Super Red

Re: Disabling AP management from wireless network

Hi Joseph;

Have a look at this good answer to your question from Milan. He explains how to do this better that I ever could. Sorry for misunderstanding the original question :)

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddd1f07/0#selected_message

Hope this helps!

Rob

New Member

Re: Disabling AP management from wireless network

Hi Rob,

No need for apologies :)

Well, I had a look, but I wasn't that convinced because of 2 reasons:

- the ACL solution only permitted a certain IP to telnet/ssh. A wireless attacker can always spoof that same IP address

- the other solution required Wireless LAN Controllers, which I do not have

Anyway, here is the question that I re-posted on their thread:

********************************************

Hi all,

Sorry to re-ignite this issue, but I'm also interested in disabling mgmt over the wireless medium.

Let's say I have a Cisco AP1240G and no Wireless LAN Controllers, can I achieve the same result if I created an ACL that blocks all telnet/ssh traffic, and apply that ACL to all inbound traffic on the wireless interface?

E.G.

AP(config)# access-list 101 deny tcp any any eq 22

AP(config)# access-list 101 deny tcp any any eq 23

AP(config)# access-list 101 permit ip any any

AP(config)# interface dot11radio

AP(config)# ip access-group 101 in

As I don't have any AP with me, I wonder if anybody can verify these commands :P

********************************************

THANKSSSS!

175
Views
10
Helpful
5
Replies
CreatePlease to create content