I have the situation in which SM have a static IP and provided DHCP to pc client. I would know which is the best solution to not allow the customer to enter in the SM’s browser web page but I want enter in it from my NOC workstation
You can enter a SM web-page from an AP “LUID Select” with any of SM’s configurations.
in this way i can enter from my NOC in the SM’s page by the AP Luid, but if i want that the customer can’t view his SM’s web page how can i do this?
Lock it with a password.
the password isn’t safe at 100%.
there is another way?
I have never had a problem with a customer accessing the radio. However, if you really need to block customers from accessing the page, you could enable VLANs on the APs and SMs. Once enabled, there is a feature that disables local SM management. The downside is that an onsite tech can’t access it either unless he has the ability to tag his traffic with the management VLAN set in the SM (default is VLAN1).
The preferred network topology is to use two networks. The first network is for your customers, and the second is a private network specifically for your Canopy radios and other managed network devices. Have your customers use a wireless or wired broadband router - cheap wired routers are down to 35 bucks. This isolates the customer from the Canopy network, provides your network a layer of protection from your customers computers, and provides a clear point of demarcation between your network and the customers LAN. If you can ping the customers IP address you know the problem is inside the customers LAN.
Ideally your customers routers would be on a public IP address, however you could issue DHCP NAT’d IP’s from your NOC.