- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NAT Mode - Disable access to Local Status Page?
Not sure why I've never noticed this before, but on say a guest SSID running NAT mode, you can access the 10.128.128.128 (gateway) local status page on the AP your connected to. I would prefer a guest not be able to do that because I'm a stickler.
I can't seem to find a way to disable that, while still leaving it enable for the other corp SSID's. The only option is on or off under General settings.
Anyone know how to lock it down so while on guest you won't be able to access?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Nolan,
Not sure... Not checked too as I am traveling.
Just a thought though..
Do you think L3 Firewall Rule can help us on this?
Ajit
AjitsNW@gmail.com
www.ajit.network
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@AjitKumar wrote:Hi Nolan,
Not sure... Not checked too as I am traveling.
Just a thought though..
Do you think L3 Firewall Rule can help us on this?
Tried it now, and was able to connect to local status page... Even after a L3 deny rule to 10.128.128.128
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've never tried it - but you could try specifying a management VLAN and see if that restricts it.
ps. The local status page does provide some usefull information about the clients actual connection that could provide some benefit for resolving an issure (such as channel, signal strength, connection protocol, connection rate, etc).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Go to "network -wide" - "General"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah correct, just saw it now too... If necessary... But tbh is it necessary to disable it? Who would know that IP? And what to do with this information, if you are "a normal" person.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@MarcP wrote:Yeah correct, just saw it now too... If necessary... But tbh is it necessary to disable it? Who would know that IP? And what to do with this information, if you are "a normal" person.
It's the default gateway, so everyone would know that IP :P.
@NolanHerring have you tried @PhilipDAth 's suggestion? Did that do anything?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I always have a dedicated VLAN for my access points so I'm assuming that his possible solution is on by default in my situation. My ports are trunked, with the SSID vlans allowed, and the management vlan as well. the management vlan is native vlan on my trunk ports so access points reside on that vlan. Makes no difference either way when I tested it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi why don't you change the local status page username and password which is not possible for anyone to guess only a dashboard administrator can view it.
also try to put L3 rule in the NAT mode ssid (in my case GlobalWIFI ) to block access to 10.128.128.128 and check.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tried that, plus I also have Deny all local lan set. I can still reach the 10.128.128.128 (since its the gateway).
I do have a password set so nobody can really do anything, I just prefer that on a specific SSID (like a guest one), that they can't have access to this at all. Gives them information I would prefer they don't have access to, like AP name etc.
At this point I think the only solution is to turn the feature off, and only on if I ever need to access. Oh well >.<
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes Nolan you can disable the local status page too. unless a user logged in into 10.128.128.128 page he won't be able to guess whether it's a AP or something else or its name. so you don't need to be worry if 10.128.128.128 is accessible or not.