CCIE Enterprise Wireless (v1.0) – 4. Wireless Security and Identity Management – 4.1.c Management via wireless and dynamic interface

Posted on Posted in CCIE Enterprise wireless

While writing the mesh blog, I connected to the MESH_CLIENTS SSID and tried to managed the controller via SSH/https but wouldn’t work because of… Management over Wireless

In my opinion it’s a good security practice to deny wireless users management access to the controllers.

When i try to attempt an https connection to the controller it fails. I am on the WLAN via the mesh network – the access points and controllers are two floors down:



https into controller:


SSH into controller provides a prompt but as soon as the username is entered the prompt disappears:


As the controller is connected to a remote terminal console I can make the changes remotely. Note: the controller can also be managed via the dynamic interfaces. Again, i wouldn’t recommend it. By default both management via wireless interface and dynamic interface is disable.

Trying to access the controller via the wireless user VLAN 12 – 10.0.12.3 should fail as well:


To allow management via wireless perform the following.


I am still a wireless client on the network but now i should have access via SSH and https:

https:


SSH:


To allow management via dynamic interface(s) perform the following:


I now have access to the controller via a dynamic inteface


To disable the feature:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.