Well, I had a look, but I wasn't that convinced because of 2 reasons:
- the ACL solution only permitted a certain IP to telnet/ssh. A wireless attacker can always spoof that same IP address
- the other solution required Wireless LAN Controllers, which I do not have
Anyway, here is the question that I re-posted on their thread:
Sorry to re-ignite this issue, but I'm also interested in disabling mgmt over the wireless medium.
Let's say I have a Cisco AP1240G and no Wireless LAN Controllers, can I achieve the same result if I created an ACL that blocks all telnet/ssh traffic, and apply that ACL to all inbound traffic on the wireless interface?
AP(config)# access-list 101 deny tcp any any eq 22
AP(config)# access-list 101 deny tcp any any eq 23
AP(config)# access-list 101 permit ip any any
AP(config)# interface dot11radio
AP(config)# ip access-group 101 in
As I don't have any AP with me, I wonder if anybody can verify these commands :P
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...