Chapter 1: Configuration Configuring securityPage 1-120Filtering management through EthernetSee Filtering management through Ethernet in Installation and Planning Guide.Allowing management only from specified IP addressesSee Allowing management only from specified IP address in Installation and Planning Guide.Restricting radio Telnet access over the RF interfaceRF Telnet Access restricts Telnet access to the AP from a device situated below a network SM(downstream from the AP). This is a security enhancement to restrict RF-interface sourced AP accessspecifically to the LAN1 IP address and LAN2 IP address (Radio Private Address, typically 192.168.101.[LUID]). This restriction disallows unauthorized users from running Telnet commands on the AP that canchange AP configuration or modifying network-critical components such as routing and ARP tables.The RF Telnet Access may be configured via the AP GUI or via SNMP commands, and RF Telnet Accessis set to “Enabled” by default. Once RF Telnet Access is set to “Disabled”, if there is a Telnet sessionattempt to the AP originating from a device situated below the SM (or any downstream device), theattempt is dropped. This also includes Telnet session attempts originated from the SM’s managementinterface (if a user has initiated a Telnet session to a SM and attempts to Telnet from the SM to the AP).In addition, if there are any active Telnet connections to the AP originating from a device situated belowthe SM (or any downstream device), the connection is dropped. This behavior must be considered ifsystem administrators use Telnet downstream from an AP (from a registered SM) to modify systemparameters.Setting RF Telnet Access to “Disabled” does not affect devices situated above the AP from accessingthe AP via Telnet, including servers running the CNUT (Canopy Network Updater tool) application. Also,setting RF Telnet Access to “Disabled” does not affect any Telnet access into upstream devices(situated above or adjacent to the AP) through the AP (see
