User's Manual
Chapter 7: Configuration
Configuring security
Page 7-108
Key Security Considerations when using the RF Telnet Access Feature
To ensure that the network is fully protected from unauthorized AP Telnet sessions, the following
topics must be considered:
Securing AP Clusters
When working with a cluster of AP units, to eliminate potential security holes allowing Telnet
access, ensure that the RF Telnet Access parameter is set to “Disabled” for every AP in the cluster.
In addition, since users situated below the AP are able to pass Telnet sessions up through the SM
and AP to the upstream network (while AP RF Telnet Access is set to “Disabled”), ensure that all
CMM4 or other networking equipment is secured with strong passwords. Otherwise, users may
Telnet to the CMM4 or other networking equipment, and subsequently access network APs (see
Figure 127) via their Ethernet interfaces (since RF Telnet Access only prevents Telnet sessions
originating from the AP’s wireless interface).
Figure 127 RF Telnet Access Restriction (orange) and Potential Security Hole (green)
As a common practice, AP administrator usernames and passwords must be secured with strong,
non-default passwords.
Restricting AP RF Telnet Access
AP Telnet access via the RF interface may be configured in two ways – the AP GUI and SNMP.
Controlling RF Telnet Access via the AP GUI
To restrict all Telnet access to the AP via the RF interface from downstream devices, follow these
instructions using the AP GUI:
Procedure 20 Restricting RF Telnet access
1
Log into the AP GUI using administrator credentials
2
On the AP GUI, navigate to Configuration > Protocol Filtering