Cambium R201P Allowed Remote IP


Would anyone please let me know what I did wrong here


In the Allowed Remote IP, I have entered our Office public IP address which we setup and this is how we configure for other brand of routers to only allow remote access from this particular IP address.

For example:

If I am correct, if there is an IP address specifiy in this field, this is the only IP address you can access the device from.

And if I leave it as default, like it means anyone know your public IP address will be able to access the device.

But the problem is when I put in the IP address in the field like this or/and;

I am still able to access the device from a completely different network.


We limit to a set of addresses and it seems to work for me on 4.3.4-r8. You running latest firmware? 

We use cidr notation so maybe that is needed? Try putting in if that is the single ip you want to allow. add more ips with ; between ex:;


Thank you Tim,

Yes, we are running on the latest firmware

Ok I will test it with your setup and report back.

Thank you



Tried it with /32 at the back. I am still able to access the router (public ip) via other networks. So it's not working.


Just to double check everything, I plug our NetComm router in and it works fine (stopping others to remotely login except from Office). So now I try to start playing with the Filters in security, but it just drop all traffic all together.

*Final UPDATE*

Eventually end up adding it on Filtering Settings, by only allowing ** on the WAN side and local as well or other services/ports you like to open.

At the same time I found out that to do a wild card for IP is not under Filtering Settings. It is actually just leave it blank after many trial and error.

As a test recommandation I would suggest who ever need it by changing the default policy to accept and you can still add rules as accept but it has to be on top of the list. (photo below). The Router will go through the list from the top.

So in the example below. The router will accept anything on WAN and LAN by default.

Then it will go to No1 to specificially only accept ** on port 80 (remote access from Office)

Then it will step down to No2 to simply block/drop everything else on port 80 except No1. Because of the hierarchy.

As a test you will not be able to remotely access this device from everywhere else on port 80.

This works well on our PPPoE +VoIP Setup as I can see there is another thread about VoIP hack which we have encounter as well hence why making sure everything is secure.

1 Like