Reply
Highlighted
Emerging Member
Posts: 47
Registered: ‎10-14-2014
Solutions: 1
Accepted Solution

management vlan

Hello,

I'm trying to limit access to the management part of the airos radios. I've set up a management vlan, assigned the management interface with this vlan and associated an IP address with it. I can acces the mgt pages fine via the mgt IP/VLAN, but also via the existing WAN interface. I do not see that these two interfaces are bridged.

 

How can I disable acces to the mgr screens from the standard WAN interface and IP?

 

Radio is in router mode, runnning airos 8.5.4CS


Accepted Solutions
Ubiquiti Employee
Posts: 1,635
Registered: ‎02-13-2017
Kudos: 466
Solutions: 153

Re: management vlan

Enable Block Management access on your WAN and LAN interfaces.

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

FREE UBWA Student Guide-Great RF Primer!

View solution in original post


All Replies
Ubiquiti Employee
Posts: 1,635
Registered: ‎02-13-2017
Kudos: 466
Solutions: 153

Re: management vlan

Can you post a screenshot of your full network tab?

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

FREE UBWA Student Guide-Great RF Primer!

Emerging Member
Posts: 47
Registered: ‎10-14-2014
Solutions: 1

Re: management vlan

Hi Nick,

Below a dump of the network tab with IP address blanked out. 

(I've split the screendump in three parts - can't get them to order proerly in a sinngle reply)

 

Part1

network tab1.png
Emerging Member
Posts: 47
Registered: ‎10-14-2014
Solutions: 1

Re: management vlan

Part 2:

network tab2.png
Emerging Member
Posts: 47
Registered: ‎10-14-2014
Solutions: 1

Re: management vlan

Part3:

network tab3.png
Ubiquiti Employee
Posts: 1,635
Registered: ‎02-13-2017
Kudos: 466
Solutions: 153

Re: management vlan

Enable Block Management access on your WAN and LAN interfaces.

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

FREE UBWA Student Guide-Great RF Primer!

Emerging Member
Posts: 47
Registered: ‎10-14-2014
Solutions: 1

Re: management vlan

Hello Nick,

Thanks. This works indeed. 

About the LAN part - I'd like to stop clients from trying to get into the management interface. Blocking the LAN access would do this.

But there are times when the wifi part is broken and the only way to get to the radio is via the LAN interface. 

So I'd like to make it more difficult, but not impossible. Any best practices here?

Thanks! 

 

Ubiquiti Employee
Posts: 1,635
Registered: ‎02-13-2017
Kudos: 466
Solutions: 153

Re: management vlan

You could configure a new VLAN on the LAN interface to access via LAN.

Then you would just need to add the VLAN on your laptop's LAN interface when connecting directly to the LAN port of the airMAX device.

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

FREE UBWA Student Guide-Great RF Primer!

Emerging Member
Posts: 47
Registered: ‎10-14-2014
Solutions: 1

Re: management vlan

So I would create another vlan with the same id (so that tags would be identical) on the LAN interface? I suppose I would need to bridge the two vlans, right?

Ubiquiti Employee
Posts: 1,635
Registered: ‎02-13-2017
Kudos: 466
Solutions: 153

Re: management vlan

Yes, and change your Management interface to that new BRIDGE interface.

Make sure to make use of the Test button when working with VLANs.

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

FREE UBWA Student Guide-Great RF Primer!

Emerging Member
Posts: 47
Registered: ‎10-14-2014
Solutions: 1

Re: management vlan

Thanks. I tried to create a bridge (gridge1) for the two vlans, but I can only add lan0.10. (see screenshot) How can I bridge the two vlans?

bridge.png
Ubiquiti Employee
Posts: 1,635
Registered: ‎02-13-2017
Kudos: 466
Solutions: 153

Re: management vlan

Change the Management interface back to bridge0 while you configure this part. Once you add the two vlans to the bridge, change the Management Interface to bridge1 and test changes.

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

FREE UBWA Student Guide-Great RF Primer!

Emerging Member
Posts: 47
Registered: ‎10-14-2014
Solutions: 1

Re: management vlan

Hi Nick,

Sorry for the late response - I had to wait for a suitable test setup.

I would like to provide access to the management vlan from a number of selected stations. These are all in router mode.

So what I would like to do is untag the vlan at the wlan interface and pass it to the lan network. I tried to define a vlan with the same id of 10 on the wlan0 (brdge) interface, as well as on the lan0 interface. Neeither of them worked.

How do I go about setting this up?

 

Thanks!

Reply