Description:
This document describes the recommended configuration settings for securing the access to LANCOM routers and access points which are operating a Public Spot.


Requirements:


Procedure:
1) Configure secure access control
1.1) Open the configuration for the LANCOM router or access point in LANconfig and switch to the menu item Management → Admin.
1.2) Enable the option SNMP read-only community 'Public' disabled.

1.3) Depending on the local interface you are using to operate the Public Spot (LAN or WLAN), you should, under Access rights → From the local network and/or the Access rights → From the wireless LAN, see that the logging protocols on the LANCOM router or LANCOM access point are restricted.

In the following example the potentially insecure protocols are disabledWe recommend that you configure this as a minimum security setting. 

If you have configured Public Spot → General on HTTPS, the access rights for HTTP in these dialog fields can be declared as denied.


2) Block Public Spot users from accessing WEBconfig

2.1) Open the configuration for the LANCOM router or access point in LANconfig and switch to the menu item Public Spot → Server.

2.2) Ensure that the option WEBconfig access by Public Spot interfaces limited to authentication pages is enabled.

If you carry out a new configuratio of a Public Spot, this setting is enabled by default.