While writing the mesh blog, I connected to the MESH_CLIENTS SSID and tried to managed the controller via SSH/https but wouldn’t work because of… Management over Wireless
In my opinion it’s a good security practice to deny wireless users management access to the controllers.
When i try to attempt an https connection to the controller it fails. I am on the WLAN via the mesh network – the access points and controllers are two floors down:
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/50-1.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/51-1.png)
https into controller:
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/53-1-1024x449.png)
SSH into controller provides a prompt but as soon as the username is entered the prompt disappears:
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/52-1.png)
As the controller is connected to a remote terminal console I can make the changes remotely. Note: the controller can also be managed via the dynamic interfaces. Again, i wouldn’t recommend it. By default both management via wireless interface and dynamic interface is disable.
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/54-1-1024x794.png)
Trying to access the controller via the wireless user VLAN 12 – 10.0.12.3 should fail as well:
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/55-1-1024x388.png)
To allow management via wireless perform the following.
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/56-1-1024x255.png)
I am still a wireless client on the network but now i should have access via SSH and https:
https:
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/57-1-1024x324.png)
SSH:
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/58.png)
To allow management via dynamic interface(s) perform the following:
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/59.png)
I now have access to the controller via a dynamic inteface
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/60-1024x385.png)
To disable the feature:
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/61.png)