In recent weeks, I fielded a number of questions on the forums about “WLC Management via Wireless”. I thought, I would follow up with a quick blog post on the subject.
How it works:
On the Cisco WLC there is a security feature that allows you to ENABLE or DISABLE WLC management via wireless. But, there is a catch in exactly what to expect and how it works. Folks new to Cisco WLCs may not catch this right away or scratch their head when a WLC is disabled, but yet they can still access the WLC over the wireless medium.
When the management via wireless feature is disabled. Any wireless user (Admin or otherwise) will not be able to manage the Cisco WLC over wireless. HTTP,HTTPS,SSH and TELNET are ‘blocked’ from the wireless medium.
But, there is a catch:
When the management via wireless feature is DISABLE on the WLC, it only pertains to the WLC in which the wireless user is associated to. Wireless users can still manage (other) WLCs even though “Management via Wireless” is disabled.
Example:#1 ‘Management via Wireless Disabled’
The user in this example can not HTTP,HTTPS, SSH or TELNET into the controller management IP address in which they are associated to via the access point.
Example:#2 ‘Management via Wireless Disabled’
The user can access other WLCs (the ones he is not associated to), even though the management over wireless is disabled.
In the CLI the >show network summary yields the status of the management via wireless
You can enable or disable management via wireless with the following CLI command:
> network mgmt-via-wireless
(WiSM-slot1-1) config>network mgmt-via-wireless ?
enable Enables this setting.
disable Disables this setting.
In the GUI GO ->MANAGEMENT-> MGT Via WIRLESS -> (CHECK BOX)