It creates another interface, a tagged one. You specify which interface is the management interface. Don't route it out of your network.
On January 20, 2015 9:13:06 AM AKST, Bill Prince <part15...@gmail.com> wrote: >My understanding of the UBNT VLAN is that it's all one VLAN? How do you > >split management/sub traffic? > >bp ><part15sbs{at}gmail{dot}com> > >On 1/20/2015 10:05 AM, Josh Reynolds wrote: >> Management. VLAN. >> >> On January 20, 2015 8:51:22 AM AKST, Bill Prince ><part15...@gmail.com> >> wrote: >> >> Not the AP side, but the client side. We have traditionally >NATted all >> residential subs on Canopy, and were trying to do the same with >UBNT. >> >> With Canopy it's easy, because the NATted TCP stack just passes >through, >> and if SSH ports are open, it goes to the sub's router (no impact >on the >> SM). >> >> Not so with UBNT, as the public IP for NAT is also the IP for the >CPE. >> >> Just wondering if anyone else has tried the CPE firewall to >prevent >> brute-force SSH logins. >> >> I suppose I could cobble together something on the POP router, >but >> looking for options. >> >> bp >> <part15sbs{at}gmail{dot}com> >> >> On 1/20/2015 9:37 AM, Peter Kranz wrote: >> >> Generally a bad idea to use that firewall (at least on the >> access point side) as it supposedly cuts into your PPS >> capacity on the radio. Peter Kranz Founder/CEO - Unwired Ltd >> www.UnwiredLtd.com <http://www.UnwiredLtd.com> Desk: >> 510-868-1614 x100 Mobile: 510-207-0000 pkr...@unwiredltd.com >> -----Original Message----- From: Af >> [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince Sent: >> Monday, January 19, 2015 1:47 PM To: af@afmug.com Subject: >Re: >> [AFMUG] UBNT firewall Nobody actually using the UBNT >firewall? >> bp <part15sbs{at}gmail{dot}com> On 1/14/2015 11:25 AM, Bill >> Prince wrote: >> >> We notice that any time we use NAT on UBNT we get a lot >of >> login attempts via SSH. Are any of you using the firewall >> built in? It's not clear from the GUI interface whether >> this affects input or forwarding, or both. What I'd like >> to do is block any SSH logins that are not in one of our >> subnets, but I'm afraid if I turn it on, it will affect >> forwarded traffic. Examples? >> >> >> >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.