Cisco Bug: CSCvi59011 - Customer gets a challenge prompt when they SSH to a dynamic interface
Sep 04, 2018
- Cisco 5500 Series Wireless Controllers
Known Affected Releases
Symptoms: Customer has put in place jump boxes for enhanced security and they have put in place CPU ACL's for each jump box to be able to access the controller. They have tested this - they are working as designed. They ran Qualys scans on the dynamic interfaces and when they SSH to the GW of a dynamic interface triggers a challenge but then shuts down. Telnet to the GW address - Message, ''telnet not allowed on this port''. This triggers the following QID: 86476 https://community.qualys.com/thread/1205 https://community.qualys.com/docs/DOC-1171 Verified the ''Enable Dynamic AP Management'' switch is OFF. This is normal behavior according to this doc: Document ID: 109669 (2/2009) https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109669-secure-wlc.html ''Remember that by design, even if management over wireless or dynamic interface is disabled, a device can still make an SSH connection to the controller.'' This bug is to investigate if the SSH protocol should be bound to the interface. Conditions: ''Enable Dynamic AP Management'' is disabled.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases