Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki cloud managed AP block local admin page on wifi/ssid

Hulafish
Here to help
‎Mar 22 2022 2:49 PM
‎Mar 22 2022 2:49 PM

Meraki cloud managed AP block local admin page on wifi/ssid

Trying to setup a meraki ap for a guest ssid.  Have managed to do most of the isolation as it is fairly easy but I noticed the end users could still get to the Meraki AP management page via the gateway ip address.

 

So in this case it is assigning and forcing dhcp to 10.85.102.34.  If the user browses to 10.128.128.128, which is their gateway assigned by DHCP, they can get into the meraki AP interface.  They can't change much without the username and password, but I would rather they not be able to see it at all.

 

Is there a way to do that without blocking them from the internet completely?

0 Kudos
Subscribe
5 Replies 5
Hulafish
Here to help
‎Mar 22 2022 2:50 PM
‎Mar 22 2022 2:50 PM

Sorry one other small note.  I cannot get to it from my Lan.  The ip of the lan network is 192.168.1.1/24 and if I try to get to the AP, which is currently pulling 192.168.1.131 I get no interface.

 

Seems like the lan is where you want that config page, and not on the wifi, but not sure how to make that happen.  Any help would be appreciated...even if the answer is it can't be done.

0 Kudos
Subscribe
Make_IT_Simple
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Mar 22 2022 2:59 PM
‎Mar 22 2022 2:59 PM

I am not sure why you are not able to get to the AP from your computer, but I am doing the same thing and I can get to the local page. Maybe something upstream of your device is not allowing you to get to it. Since the local page is not used that much, I would suggest disabling it completely:

 

https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Using_the_Cisco_Me...

0 Kudos
Subscribe
In response to Make_IT_Simple
Hulafish
Here to help
‎Mar 22 2022 3:11 PM
‎Mar 22 2022 3:11 PM

I think I figured out the issue, but it is still well weird.  I can get to the page via ip if I go to Network Wide > General and change device configuration so that local device status page is set to enabled (which it was), and Remote device status page is changed to enable...which it was not.

 

This also looks like how I would disable the status page over wifi.  So it fixes the issue...but seems clunky.  As you cannot tell it to allow via ip, only from lan, from what I can tell.  This would be handy, but likely not necessary for 99% of function.

 

Still would love to see this device config option by AP, Device, or even SSID.

0 Kudos
Subscribe
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Mar 22 2022 6:30 PM
‎Mar 22 2022 6:30 PM

You can disable to local device pages via the dashboard, I do this as standard practise however it can cause problems if the device loses dashboard connectivity as you then have no way or accessing the status page and have to factory reset the device. 

btr.net.nz
0 Kudos
Subscribe
In response to BlakeRichardson
Hulafish
Here to help
‎Mar 24 2022 4:59 PM
‎Mar 24 2022 4:59 PM

Thanks Blake, I did find that.  Just wish you could disable it from wifi but keep enabled on LAN.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.