CCIE Enterprise Wireless (v1.0) – 4. Wireless Security and Identity Management – 4.1.c Management via wireless and dynamic interface

By 80211 80211CCIE Enterprise wireless

While writing the mesh blog, I connected to the MESH_CLIENTS SSID and tried to managed the controller via SSH/https but wouldn’t work because of… Management over Wireless

In my opinion it’s a good security practice to deny wireless users management access to the controllers.

When i try to attempt an https connection to the controller it fails. I am on the WLAN via the mesh network – the access points and controllers are two floors down:

https into controller:

SSH into controller provides a prompt but as soon as the username is entered the prompt disappears:

As the controller is connected to a remote terminal console I can make the changes remotely. Note: the controller can also be managed via the dynamic interfaces. Again, i wouldn’t recommend it. By default both management via wireless interface and dynamic interface is disable.

Trying to access the controller via the wireless user VLAN 12 – 10.0.12.3 should fail as well:

To allow management via wireless perform the following.

I am still a wireless client on the network but now i should have access via SSH and https:

https:

SSH:

To allow management via dynamic interface(s) perform the following:

I now have access to the controller via a dynamic inteface

To disable the feature:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.