Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

How to disable HTTP at AP running 7.4.100.0 with WLC 5508

     

     

    Introduction

    How do I disable http at the AP level with 5508 running 7.4.100.0.

    Scenario

    Use running controller 5508 with 7.4.100.0, with 76 3602I AP's connected. Each AP responds to an HTTP request, asking for username and password at the AP. How to disable this and not disable https:// at the WLC?

     

    1.jpg

     

    This is the IP of the AP, not the controller. user only want to allow SSH to the AP's, for diagnostic support when necessary. User have other 5508's running 7.0.98.0, 7.0.240.0, and 7.3.116.0, and they do not do this.

    NOTE:-

    Only an AP that is in OEAP mode should respond to an HTTP/S request

    Solution

    CSCuf66202 HTTP port 80 open on Access Points when controller is 7.4.100.0

    To be fixed in the 7.4 MR1 release, due out this summer. In general, lightweight AP's are not supposed to have TCP port 80 open, unless they are operating in OEAP mode.

    As far as manually configuring "no ip http server" on the AP - this does not survive a reboot. TAC has asked for a general purpose way to configure lightweight AP's:

    2.jpg

    CSCsy17873 support general purpose method of configuring AP's

    This has not been committed ... if people in the field think this would be useful, please communicate that to your friendly neighborhood Cisco sales team.

    CSCuf66202 is not fixed in 7.4.100.60. It will be fixed in the next CCO release of 7.4 ("7.4 MR1"), as well as in the 7.5 release. If you require a fix sooner, you should ask your TAC engineer to open a BU escalation ticket and request an escalation build with the fix.

    Additional Information

    You can enable or disable the single modes (SSH and Telnet) at the AP itself.

    Wireless --> All AP's --> "Access Point" --> Advanced --> activate the mode you need.

    For the WLC itself you can disable or enable it via the way :-

    Open telnet session of your WLC and follow the below steps

    1. Go to the Management section

    2. Click on HTTP-HTTPS

    3. Chose appropriate option to enable or disable to HTTP feature.

    As a temporary solution, this below mentioned command can be run on individual AP but this will not be saved on AP's and once AP reboots this has to be repeated on all AP's. This behavior is only noticed in 7.4.100.0. Enable SSH to the AP via WLC:-

    In case of Autonomus AP - How to enable or disable the web interface

    The web browser command in the CLI is

    "ip http server" for port 80 HTTP
    
    "ip http secure-server" for port 443 HTTPS
    
    ENABLE
    
    ap(config)#ip http server
    
    ap(config)#ip http secure-server
    
    DISABLE - You negate the command with "no"
    
    ap(config)#no ip http server
    
    ap(config)#no ip http secure-server

    Reference

    This document was generated from the following discussion: How do I disable http at the AP level with 5508 running 7.4.100.0

    1000
    Views
    0
    Helpful
    0
    Comments