To access a network device there are various methods. These network access methods are also used to access wireless components. So, here, we will talk about these access methods.
Access Methods used in Wireless networks can be divide into 4 categories. These are given below:
- Telnet / SSH
- HTTP / HTTPS
- TACACS+ / RADIUS
Telnet / SSH
Telnet and SSH access can be done on CLI by using WLC Mangement Interface IP Adddress. On CLI, you should use ssh or telnet keyword and then you should use the Maagement IP address. If the Telnet/SSH service is on and there is no restriction for telnet/SSH session, you can access the wireless device with this method.
As you know, telnet is insecure and SSH is the secure way in this type of method. By default, telnet is disabled on Cisco WLCs. But, SSH is enabled by default. So, if you want to use telnet, you should enable it.
To access to a WLC with Telnet or SSH, they must be aneble on WLC. You can enable these services on CLI with the below commands:
- config network telnet enable
- config network ssh enable
You can check the status of this configurations with “show network summary“ command.
- show network summary
RF-Network Name……………………….. TestNetwork1
Web Mode……………………………… Enable
Secure Web Mode……………………….. Enable
Secure Web Mode Cipher-Option High………. Disable
Secure Web Mode Cipher-Option SSLv2……… Disable
Secure Shell (ssh)…………………….. Enable
To see the active Telnet sessions you can use the below command:
- show login-session
ID User Name Connection From Idle Time Session Time
— ————— ————— ———— ————
00 admin EIA-232 00:00:00 00:19:04
On GUI, you can also adjust the Telnet/SSH parameters like Telnet Login Timeout, Maximum Number of Sessions etc. related with Telnet and SSH from “Management > Telnet-SSH” part. After applying adn saving, the configuration is Ok.
We can also adjust telent priviledges from “Management > Local Management Users“ part.
HTTP / HTTPS
To access GUI (Graphical User Interface) of the WLC, we can use HTTP and HTTPS. HTTP is insecure and http is secure way to connect. By default HTTP is disablled but it can be enabled to use. And HTTPS is enabled by default.
To access WLC GUI, we can use HTTP/HTTPS over a browser. Here, service port interface or the management interface is used to access GUI.
To access GUI, 192.168.1.1 is the default IP Address.
To access GUI over browser, webmode must be enable on WLC. By default it is disabled. You can enable it with below command on CLI:
- config network webmode enable
To allow only secure connection with HTTPS, you can use the below command on the controller CLI:
- config network secureweb enable
Console Connection is the connection type that can be done over console port of the wireless device. You should be next to the device for thic connection. You can plug in your console cable to your laoptop and the console port of the wireless device and then you can access through both CLI and GUI.
To do this, Console connection must be enabled on Cisco WLC. By default it is enabled.
To access a wireless device RADIUS or TACACS+ authentications can be used. For this access,user credentials (user, passwords) are defined in a RADIUS Server or TACACS+ Server and before the access, user credentials are checked. If the correct credentials (user, passwords) are given, then user access accepted.
All users have special usernam and passwords. And these information is stored in a remote RADIUS Server or TACACS+ Server. While accessing the Cisco WLC, the user name and the password is requested from the user. If user write the correct information, he/she can accees Cisco WLC.