I have our ePMP's setup to get their public IP via PPPoE, and the radio also gets a completely separate private management IP via DHCP, which is the only way you can remotely access the radio, and it doesn't even have to be in a separate vlan unless you want it to be... and it's one checkbox to configure it.
I'm not sure if that can be duplicated on UBNT or not, since I haven't really tried yet, but at the very least it's a lot more complicated to configure. On Wed, May 4, 2016 at 7:04 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote: > It does...you just need to set it up that way. > > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > On Wed, May 4, 2016 at 7:54 PM, Mathew Howard <mhoward...@gmail.com> > wrote: > >> I really wish Ubiquiti radios had a separate management vlan option (in >> router mode), like ePMP does... >> >> On Wed, May 4, 2016 at 6:10 PM, Josh Reynolds <j...@kyneticwifi.com> >> wrote: >> >>> I would encourage you to put your CPEs on a management vlan, in RFC1918 >>> space. >>> >>> On Wed, May 4, 2016 at 6:00 PM, SmarterBroadband >>> <li...@smarterbroadband.com> wrote: >>> > Hi Tushar >>> > >>> > >>> > >>> > We run all radios in NAT mode. >>> > >>> > >>> > >>> > Adam >>> > >>> > >>> > >>> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tushar Patel >>> > Sent: Wednesday, May 04, 2016 3:34 PM >>> > To: af@afmug.com >>> > Subject: Re: [AFMUG] UBNT CPE being used for Abusive actions? >>> > >>> > >>> > >>> > Radios could be put on private ip so nobody from outside world can >>> access >>> > it. That is what we do. >>> > >>> > Tushar >>> > >>> > >>> > >>> > >>> > On May 4, 2016, at 5:22 PM, SmarterBroadband < >>> li...@smarterbroadband.com> >>> > wrote: >>> > >>> > I have received a number of emails for ab...@light-gap.net saying >>> certain of >>> > our IP address are being used for attacks (see email text below). >>> > >>> > >>> > >>> > All IP addresses are in UBNT radios. We are unable to remote access >>> any of >>> > the these radios now. We see that the radio we are unable to access >>> > rebooted a couple of days ago. A number of other radios show they >>> rebooted >>> > around the same time (in sequence) on the AP. We are unable to remote >>> > access any of those either. Other radios with longer uptime on the >>> AP’s are >>> > fine. >>> > >>> > >>> > >>> > We have a tech on route to one of the customer sites. >>> > >>> > >>> > >>> > We think the radios are being made into bots. Anyone seen this or >>> anything >>> > like this? Do the hackers need a username and password to hack a >>> radio? >>> > I.E. Would a change of the password stop the changes being made to the >>> > radios? Any other thoughts, suggestions or ideas? >>> > >>> > >>> > >>> > Thanks >>> > >>> > >>> > >>> > Adam >>> > >>> > >>> > >>> > Email Text below: >>> > >>> > >>> > >>> > “This is a semi-automated e-mail from the LG-Mailproxy authentication >>> > system, all requests have been approved manually by the >>> > system-administrators or are obviously unwanted (eg. requests to our >>> > spamtraps). >>> > >>> > For further questions or if additional information is needed please >>> reply to >>> > this email. >>> > >>> > >>> > >>> > The IP xxx.xxx.xxx.xxx has been banned for 48 hours due to suspicious >>> > behaviour on our system. >>> > >>> > This happened already 1 times. >>> > >>> > It might be be part of a botnet, infected by a trojan/virus or running >>> > brute-force attacks. >>> > >>> > >>> > >>> > Our affected destination servers: smtp.light-gap.net, >>> imap.light-gap.net >>> > >>> > >>> > >>> > Currently 7 failed/unauthorized logins attempts via SMTP/IMAP with 6 >>> > different usernames and wrong password: >>> > >>> > 2016-05-04T23:48:40+02:00 with username "downloads.openscience.or.at" >>> > (spamtrap account) >>> > >>> > 2016-05-04T22:47:19+02:00 with username "sp_woq" (spamtrap account) >>> > >>> > 2016-05-04T14:55:11+02:00 with username "info" (spamtrap account) >>> > >>> > 2016-05-03T21:24:22+02:00 with username "fips" (spamtrap account) >>> > >>> > 2016-05-03T20:57:19+02:00 with username "downloads.openscience.or.at" >>> > (spamtrap account) >>> > >>> > 2016-05-03T10:13:59+02:00 with username "d10hw49WpH" (spamtrap account) >>> > >>> > 2016-05-03T05:34:43+02:00 with username "12345678" (spamtrap account) >>> > Ongoing failed/unauthorized logins attempts will be logged and sent to >>> you >>> > every 24h until the IP will be permanently banned from our systems >>> after 72 >>> > hours. >>> > >>> > >>> > >>> > The Light-Gap.net Abuse Team.” >>> > >>> > >>> >> >> >
