Cisco Support Community

New Member

WLC 5508

I'm working on restricting access to the management interface to prevent others from accessing the UI/SSH of the controller. I added an ACL and enabled a CPU ACL. What else do I need to add rules to allow for the CPU interface? (RADIUS, DHCP, ?)

Running version 7.4.110.0

4 REPLIES
Hall of Fame Super Gold

WLC 5508

Forget the ACL.  Enable RADIUS or TACACS.

You can specify Read Only and Read/Write access to the WLC by putting specific groups.

Bronze

Re: WLC 5508

You just need to deny what you want to and allow anything else.


Re: WLC 5508

Even easier yet... Turn off management via wireless... But RADIUS/TACACS is the better way for the wired and wireless side.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

Bronze

WLC 5508

Option: 1

To prevent or block a wired or wireless client from accessing the management network on a controller (from the wireless client dynamic interface or VLAN), the network administrator must ensure that only authorized clients gain access to the management network through proper CPU ACLs, or use a firewall between the client dynamic interface and the management network.

Option: 2

Do not configure wired clients in the same VLAN or subnet of the service port of the controller on the network. If you configure wired clients on the same subnet or VLAN as the service port, it is not possible to access the management interface of the controller.

Note:

For GUI & CLI management interface configuration, please check the link below:

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED_chapter_011011.html
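
An added example, not part of any reply in this thread and not Cisco's own configuration: one way to apply the "deny what you want and allow anything else" approach with a CPU ACL from the controller CLI. The ACL name MGMT-CPU, the admin subnet 192.0.2.0/24 and the management address 198.51.100.10 are constructed placeholders, and lines starting with ! are annotations, not commands. Because a controller ACL ends in an implicit deny, the final permit-any rule is what keeps RADIUS, DHCP and AP traffic to the CPU working without a rule for each.

```text
! Assumed values: ACL name MGMT-CPU, admin subnet 192.0.2.0/24,
! management interface 198.51.100.10. Replace with your own.
config acl create MGMT-CPU

! Rule 1: admin subnet -> management IP, SSH (TCP/22) permitted
config acl rule add MGMT-CPU 1
config acl rule source address MGMT-CPU 1 192.0.2.0 255.255.255.0
config acl rule destination address MGMT-CPU 1 198.51.100.10 255.255.255.255
config acl rule protocol MGMT-CPU 1 6
config acl rule destination port range MGMT-CPU 1 22 22
config acl rule action MGMT-CPU 1 permit

! Rule 2: admin subnet -> management IP, HTTPS (TCP/443) permitted
config acl rule add MGMT-CPU 2
config acl rule source address MGMT-CPU 2 192.0.2.0 255.255.255.0
config acl rule destination address MGMT-CPU 2 198.51.100.10 255.255.255.255
config acl rule protocol MGMT-CPU 2 6
config acl rule destination port range MGMT-CPU 2 443 443
config acl rule action MGMT-CPU 2 permit

! Rule 3: everyone else -> management IP, SSH denied
config acl rule add MGMT-CPU 3
config acl rule destination address MGMT-CPU 3 198.51.100.10 255.255.255.255
config acl rule protocol MGMT-CPU 3 6
config acl rule destination port range MGMT-CPU 3 22 22
config acl rule action MGMT-CPU 3 deny

! Rule 4: everyone else -> management IP, HTTPS denied
config acl rule add MGMT-CPU 4
config acl rule destination address MGMT-CPU 4 198.51.100.10 255.255.255.255
config acl rule protocol MGMT-CPU 4 6
config acl rule destination port range MGMT-CPU 4 443 443
config acl rule action MGMT-CPU 4 deny

! Rule 5: allow anything else (RADIUS, DHCP, AP control traffic, ...)
config acl rule add MGMT-CPU 5
config acl rule action MGMT-CPU 5 permit

! Commit the ACL, then bind it to the CPU for wired and wireless traffic
config acl apply MGMT-CPU
config acl cpu MGMT-CPU both

! Verify the binding and the rule order
show acl cpu
show acl detailed MGMT-CPU
```

Rules are evaluated in index order, so the two permits must stay ahead of the denies. Apply the CPU ACL from a console session so that a mistake in the admin subnet does not cut off the management session making the change.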
