Controllerless Networks

Hello!

I have an IAP-215 configured as a standalone AP.

I know that the console access can be completely disabled so that CLI access is disabled.

However, is there any way to disable this selectively?  For example, I don't want a wireless client device to be able to use a tool like putty to access the CLI or even allow a wireless to be able to access the WebUI.  The goal here is to only allow CLI/console/WebUI access via either the physcial console or ethernet port.

Is there any way to do this?  Would user roles or access rules or similar settings for the WLAN configuration be able to handle this?

Regards,

zummarius

You can take the approach with access rules for the wireless users (roles) you want to prevent access to ssh (port 22/tcp) and the WebUI (port 4343/tcp)

Another option is the Management access configuration (Security -> Inbound Firewall) to set the IP subnets from which you want to allow management (and management traffic from other source IPs is then denied).

Sorry about the late, late, late response here.  This completely fell off my radar for a bit.

So, if I wanted to deny wireless users access to the SSH port I would run the following?

<config>

<wlan access-rule denySSH>

<rule any any match tcp 22 22 deny>

<end>

<commit apply>

How would I go about actually assigning the access rule to the WLAN?

cjoseph, yes, I found the WebUI location for this, but I'd like to do most of my configuraiton via a script so I don't have to deal with physcially opening the UI and clicking a bunch of options.

Looking for a CLI solution to set these access rules.