Put the management interfaces of the APs on a separate VLAN from the wireless clients. Then write and apply an access list on the LAN router such that wireless clients cannot reach the AP management VLAN.
I find that being able to get to the APs from a wireless client greatly aids troubleshooting, though. Maybe TACACS is a better solution.
Just replace x.x.x.x with the IP host you want to have access. You can also specify a subnet without the host keyword, but using host is more secure. TACACS or RADIUS is a more secure solution but requires a RADIUS server to authenticate to. If you have one, let me know and I can shoot you the appropriate configurations.
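The approach discussed in this thread, as an added Cisco IOS example that is not any poster's own configuration: an inbound ACL on the wireless client VLAN interface that blocks clients from the AP management VLAN while still permitting one troubleshooting host. The VLAN numbers, subnets, host address and ACL name are all constructed for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN 10 = AP management,  10.10.10.0/24
!   VLAN 20 = wireless clients, 10.10.20.0/24
!   10.10.20.50 = the single admin laptop allowed to reach the APs
ip access-list extended WLAN-CLIENTS-IN
 remark allow one troubleshooting host to reach AP management
 permit ip host 10.10.20.50 10.10.10.0 0.0.0.255
 remark block every other wireless client from AP management
 deny ip 10.10.20.0 0.0.0.255 10.10.10.0 0.0.0.255 log
 remark leave all other client traffic unaffected
 permit ip any any
!
! Apply inbound on the routed interface for the wireless client VLAN
interface Vlan20
 description Wireless clients
 ip access-group WLAN-CLIENTS-IN in
```

Entries are evaluated top down and the first match wins, so the host permit has to sit above the subnet deny.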