Not sure why I've never noticed this before, but on say a guest SSID running NAT mode, you can access the 10.128.128.128 (gateway) local status page on the AP your connected to. I would prefer a guest not be able to do that because I'm a stickler.
I can't seem to find a way to disable that, while still leaving it enable for the other corp SSID's. The only option is on or off under General settings.
Anyone know how to lock it down so while on guest you won't be able to access?
Hi Nolan,
Not sure... Not checked too as I am traveling.
Just a thought though..
Do you think L3 Firewall Rule can help us on this?
@AjitKumar wrote:Hi Nolan,
Not sure... Not checked too as I am traveling.
Just a thought though..
Do you think L3 Firewall Rule can help us on this?
Tried it now, and was able to connect to local status page... Even after a L3 deny rule to 10.128.128.128
I've never tried it - but you could try specifying a management VLAN and see if that restricts it.
ps. The local status page does provide some usefull information about the clients actual connection that could provide some benefit for resolving an issure (such as channel, signal strength, connection protocol, connection rate, etc).
Go to "network -wide" - "General"
Yeah correct, just saw it now too... If necessary... But tbh is it necessary to disable it? Who would know that IP? And what to do with this information, if you are "a normal" person.
@MarcP wrote:Yeah correct, just saw it now too... If necessary... But tbh is it necessary to disable it? Who would know that IP? And what to do with this information, if you are "a normal" person.
It's the default gateway, so everyone would know that IP :P.
@NolanHerring have you tried @PhilipDAth 's suggestion? Did that do anything?
I always have a dedicated VLAN for my access points so I'm assuming that his possible solution is on by default in my situation. My ports are trunked, with the SSID vlans allowed, and the management vlan as well. the management vlan is native vlan on my trunk ports so access points reside on that vlan. Makes no difference either way when I tested it.
hi why don't you change the local status page username and password which is not possible for anyone to guess only a dashboard administrator can view it.
also try to put L3 rule in the NAT mode ssid (in my case GlobalWIFI ) to block access to 10.128.128.128 and check.
Tried that, plus I also have Deny all local lan set. I can still reach the 10.128.128.128 (since its the gateway).
I do have a password set so nobody can really do anything, I just prefer that on a specific SSID (like a guest one), that they can't have access to this at all. Gives them information I would prefer they don't have access to, like AP name etc.
At this point I think the only solution is to turn the feature off, and only on if I ever need to access. Oh well >.<
Yes Nolan you can disable the local status page too. unless a user logged in into 10.128.128.128 page he won't be able to guess whether it's a AP or something else or its name. so you don't need to be worry if 10.128.128.128 is accessible or not.