If you're bridging, where does the management VLAN get its IP address?

Likewise (or almost likewise), if we're NATting in the CPE, is there a place to assign the VLAN interface a different IP address?

bp
<part15sbs{at}gmail{dot}com>

On 1/20/2015 10:33 AM, Brett A Mansfield wrote:
UBNT has a good video on this very thing. If done right, all SSH traffic would be passed through the radio to the customer's router on the public side and the management side will only be accessible internally.

Here is a link to their video on the VLAN setup for management.
http://community.ubnt.com/t5/airMAX-Frequently-Asked/airMAX-VLAN-management/ta-p/472529

Thank you,
Brett A Mansfield


On Jan 20, 2015, at 11:18 AM, Josh Reynolds <j...@spitwspots.com> wrote:

Management services only respond on the management VLAN...

On January 20, 2015 9:17:24 AM AKST, Bill Prince <part15...@gmail.com> wrote:

    OK.  Great.  We can put another IP on a management IP on the
    VLAN.  How does that block the SSH logins?

    Can you specify that SSH only goes through the management VLAN?

    bp
    <part15sbs{at}gmail{dot}com>

    On 1/20/2015 10:14 AM, Josh Reynolds wrote:
    It creates another interface, a tagged one. You specify which
    interface is the management interface. Don't route it out of
    your network.

    On January 20, 2015 9:13:06 AM AKST, Bill Prince
    <part15...@gmail.com> wrote:

        My understanding of the UBNT VLAN is that it's all one VLAN?
        How do you split management/sub traffic?

        bp
        <part15sbs{at}gmail{dot}com>

        On 1/20/2015 10:05 AM, Josh Reynolds wrote:
        Management. VLAN.

        On January 20, 2015 8:51:22 AM AKST, Bill Prince
        <part15...@gmail.com> wrote:

            Not the AP side, but the client side. We have traditionally
            NATted all residential subs on Canopy, and were trying to do
            the same with UBNT.

            With Canopy it's easy, because the NATted TCP stack just
            passes through, and if SSH ports are open, it goes to the
            sub's router (no impact on the SM).

            Not so with UBNT, as the public IP for NAT is also the IP
            for the CPE.
            Just wondering if anyone else has tried the CPE firewall to prevent
            brute-force SSH logins.

            I suppose I could cobble together something on the POP router, but
            looking for options.

            bp
            <part15sbs{at}gmail{dot}com>

            On 1/20/2015 9:37 AM, Peter Kranz wrote:

                Generally a bad idea to use that firewall (at least
                on the access point side) as it supposedly cuts
                into your PPS capacity on the radio.

                Peter Kranz
                Founder/CEO - Unwired Ltd
                www.UnwiredLtd.com
                Desk: 510-868-1614 x100
                Mobile: 510-207-0000
                pkr...@unwiredltd.com

                -----Original Message-----
                From: Af [mailto:af-boun...@afmug.com] On Behalf Of Bill Prince
                Sent: Monday, January 19, 2015 1:47 PM
                To: af@afmug.com
                Subject: Re: [AFMUG] UBNT firewall

                Nobody actually using the UBNT firewall?

                bp
                <part15sbs{at}gmail{dot}com>

                On 1/14/2015 11:25 AM, Bill Prince wrote:

                    We notice that any time we use NAT on UBNT we
                    get a lot of login attempts via SSH. Are any of
                    you using the firewall built in? It's not clear
                    from the GUI interface whether this affects
                    input or forwarding, or both. What I'd like to
                    do is block any SSH logins that are not in one
                    of our subnets, but I'm afraid if I turn it on,
                    it will affect forwarded traffic. Examples?



-- Sent from my Android device with K-9 Mail. Please excuse my brevity.



