Reply
Highlighted
New Member
Posts: 32
Registered: ‎10-14-2014
Accepted Solution

management vlan

Hello,

I'm trying to limit access to the management part of the airos radios. I've set up a management vlan, assigned the management interface with this vlan and associated an IP address with it. I can acces the mgt pages fine via the mgt IP/VLAN, but also via the existing WAN interface. I do not see that these two interfaces are bridged.

 

How can I disable acces to the mgr screens from the standard WAN interface and IP?

 

Radio is in router mode, runnning airos 8.5.4CS


Accepted Solutions
Ubiquiti Employee
Posts: 931
Registered: ‎02-13-2017
Kudos: 376
Solutions: 94

Re: management vlan

Enable Block Management access on your WAN and LAN interfaces.

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

View solution in original post


All Replies
Ubiquiti Employee
Posts: 931
Registered: ‎02-13-2017
Kudos: 376
Solutions: 94

Re: management vlan

Can you post a screenshot of your full network tab?

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

New Member
Posts: 32
Registered: ‎10-14-2014

Re: management vlan

Hi Nick,

Below a dump of the network tab with IP address blanked out. 

(I've split the screendump in three parts - can't get them to order proerly in a sinngle reply)

 

Part1

network tab1.png
New Member
Posts: 32
Registered: ‎10-14-2014

Re: management vlan

Part 2:

network tab2.png
New Member
Posts: 32
Registered: ‎10-14-2014

Re: management vlan

Part3:

network tab3.png
Ubiquiti Employee
Posts: 931
Registered: ‎02-13-2017
Kudos: 376
Solutions: 94

Re: management vlan

Enable Block Management access on your WAN and LAN interfaces.

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

New Member
Posts: 32
Registered: ‎10-14-2014

Re: management vlan

Hello Nick,

Thanks. This works indeed. 

About the LAN part - I'd like to stop clients from trying to get into the management interface. Blocking the LAN access would do this.

But there are times when the wifi part is broken and the only way to get to the radio is via the LAN interface. 

So I'd like to make it more difficult, but not impossible. Any best practices here?

Thanks! 

 

Ubiquiti Employee
Posts: 931
Registered: ‎02-13-2017
Kudos: 376
Solutions: 94

Re: management vlan

You could configure a new VLAN on the LAN interface to access via LAN.

Then you would just need to add the VLAN on your laptop's LAN interface when connecting directly to the LAN port of the airMAX device.

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

New Member
Posts: 32
Registered: ‎10-14-2014

Re: management vlan

So I would create another vlan with the same id (so that tags would be identical) on the LAN interface? I suppose I would need to bridge the two vlans, right?

Ubiquiti Employee
Posts: 931
Registered: ‎02-13-2017
Kudos: 376
Solutions: 94

Re: management vlan

Yes, and change your Management interface to that new BRIDGE interface.

Make sure to make use of the Test button when working with VLANs.

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

New Member
Posts: 32
Registered: ‎10-14-2014

Re: management vlan

Thanks. I tried to create a bridge (gridge1) for the two vlans, but I can only add lan0.10. (see screenshot) How can I bridge the two vlans?

bridge.png
Ubiquiti Employee
Posts: 931
Registered: ‎02-13-2017
Kudos: 376
Solutions: 94

Re: management vlan

Change the Management interface back to bridge0 while you configure this part. Once you add the two vlans to the bridge, change the Management Interface to bridge1 and test changes.

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

Reply