Cisco WLC 5700 Series Interface Configuration Manual page 56

Cisco IOS XE Release 3E
Information About the Management Interface
If the service port is in use, the management interface must be on a different supernet from the service-port
interface.
Note
To prevent or block a wired or wireless client from accessing the management network on a controller
(from the wireless client dynamic interface or VLAN), the network administrator must ensure that only
authorized clients gain access to the management network through proper CPU ACLs, or use a firewall
between the client dynamic interface and the management network.
Caution
Do not map a guest WLAN to the management interface. If the EoIP tunnel breaks, the client could obtain
an IP and be placed on the management subnet.
Caution
Do not configure wired clients in the same VLAN or subnet of the service port of the controller on the
network. If you configure wired clients on the same subnet or VLAN as the service port, it is not possible
to access the management interface of the controller.
Authentication Type for Management Interfaces
For any type of management access to the controller, be it SSH, Telnet, or HTTP, we recommend that you
use a single authentication type, which can be TACACS+, RADIUS, or Local, and not a mix of these
authentication types. Ensure that you take care of the following:
• The authentication type (TACACS+, RADIUS, or Local) must be the same for all management access and
for all AAA authentication and authorization parameters.
• The method list must be explicitly specified in the HTTP authentication.
Example
Follow these steps to configure Telnet:
1. Configure TACACS+ server by entering these commands:
   a. tacacs server server-name
   b. address ipv4 ip-address
   c. key key-name
2. Configure the server group name by entering these commands:
   a. aaa group server tacacs+ group-name
   b. server name name
3. Configure authentication and authorization by entering these commands:
   a. aaa authentication login method-list group server-group
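An added example, not from the Cisco manual: a small Python audit of a saved configuration against the two rules above (one authentication type for all management access, and an explicitly named method list for HTTP). The sample configuration is constructed and its names (MGMT-TAC, TAC1, VTY-LIST, WEB-LIST) are placeholders; the check assumes HTTP management is in use and relies on the standard IOS commands `login authentication` under `line vty` and `ip http authentication aaa login-authentication`.

```python
# Constructed sample running-config; every name in it is a placeholder.
SAMPLE_CONFIG = """\
aaa group server tacacs+ MGMT-TAC
 server name TAC1
aaa authentication login VTY-LIST group MGMT-TAC
aaa authentication login WEB-LIST local
line vty 0 4
 login authentication VTY-LIST
ip http authentication aaa login-authentication WEB-LIST
"""

def audit_mgmt_auth(config):
    """Check a config against the two rules above; return a list of findings."""
    rows = [(ln[:1].isspace(), ln.split()) for ln in config.splitlines() if ln.strip()]
    # Pass 1: map server-group names to their type (built-in groups included).
    groups = {"tacacs+": "TACACS+", "radius": "RADIUS"}
    for _, w in rows:
        if w[:3] == ["aaa", "group", "server"] and len(w) == 5:
            groups[w[4]] = "TACACS+" if w[3] == "tacacs+" else "RADIUS"
    # Pass 2: resolve method lists and record which list each access path uses.
    lists, used, section = {}, {}, []
    for indented, w in rows:
        if not indented:
            section = w  # remember the current top-level command (e.g. line vty)
        if w[:3] == ["aaa", "authentication", "login"] and len(w) > 4:
            m = w[4:]
            lists[w[3]] = {"Local" if x == "local" else groups.get(m[i + 1], "unknown")
                           for i, x in enumerate(m)
                           if x == "local" or (x == "group" and i + 1 < len(m))}
        elif (indented and section[:2] == ["line", "vty"]
              and w[:2] == ["login", "authentication"] and len(w) == 3):
            used["vty " + " ".join(section[2:])] = w[2]
        elif w[:3] == ["ip", "http", "authentication"]:
            explicit = w[3:5] == ["aaa", "login-authentication"] and len(w) == 6
            used["http"] = w[5] if explicit else None
    findings = []
    if used.get("http") is None:
        findings.append("HTTP authentication does not name a method list explicitly")
    types = set()
    for path, name in used.items():
        if name is not None and name not in lists:
            findings.append(f"{path}: method list {name} is not defined")
        types |= lists.get(name, set())
    if len(types) > 1:
        findings.append("mixed authentication types: " + ", ".join(sorted(types)))
    return findings

if __name__ == "__main__":
    print("\n".join(audit_mgmt_auth(SAMPLE_CONFIG)))
```

A method list such as `group MGMT-TAC local` is also reported as a mix, because the check applies the one-type recommendation literally.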
Interface Configuration Guide, Cisco IOS XE Release 3E (Cisco WLC 5700 Series)
46
Configuring Management Interfaces
OL-32314-01