CnMaestro OnPremises Dual Networks

Help wanted, we want to implement the following scenario. The UI of cnMaestro needs to be available on two different networks (that is, one network will be used for registering and controlling the devices and the other one will be used for access to the UI)… The VM was installed on a server with two network cards (one on the access points network, 10.x.x.x, and another on the network that we want to have access to, 172.16.x.x).

Create a separate VLAN 2 in the WIFI AP group with 10.x.x.x (with DHCP or not).
Management will be on VLAN 1, 172.16.x.x 🙂

We tried dual NICs but it never worked correctly. Was much easier to use vlan subinterface. That was on 2.x. Have a ticket in with Cambium support about this not working on 3.x but they’ve been dragging their feet for almost two months now.

As I wrote above, the two networks are completely separated and the work must be done only on the VM side. It sounds easy: we need the VM UI to be available on two different cards. Maybe I'll create a NAT/PAT rule on the server (host) side, but it would be great if this could be done on the VM…

On maestro 2.x, one can trunk the interface and add the VLAN subinterfaces to capture the needed traffic. Easy to do, and Linux does not route between the networks unless someone specifically enables it. In maestro 3.x, Cambium has broken the ability to do this and does not seem in any hurry to want to fix it.

Please let me know if you need any assistance with 2.x subinterface, and I can provide network config examples.
(0) spin up cnmaestro 2.x on vm
(1) make sure vlan package is installed
(2) trunk the interface
(3) enable vlan in kernel
(4) modify network config
(5) make network config file immutable
(6) reboot
(7) Profit
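A sketch of steps (1) to (5) from the post above, as an added example that is not from the thread or from Cambium. It assumes the 2.x guest uses an ifupdown-style `/etc/network/interfaces`; the function names are hypothetical, and the parent NIC name, VLAN ID and addresses are placeholders passed in as arguments.

```shell
#!/bin/sh
# Added example; not the poster's or Cambium's configuration.
# Manual steps around it on a stock Ubuntu guest (run as root):
#   apt-get install vlan                  # (1) VLAN package
#   modprobe 8021q                        # (3) enable 802.1Q in the kernel
#   echo 8021q >> /etc/modules            #     and keep it across reboots
#   chattr +i /etc/network/interfaces     # (5) make the file immutable
# Step (2), trunking the port, is done on the hypervisor or switch side.

# (4) Print an ifupdown stanza for a tagged subinterface such as eth0.2.
# No gateway line is written: only one interface should carry the default
# route, so the second network stays directly connected only.
render_vlan_stanza() {  # args: parent vlan_id address netmask
    printf 'auto %s.%s\n' "$1" "$2"
    printf 'iface %s.%s inet static\n' "$1" "$2"
    printf '    address %s\n' "$3"
    printf '    netmask %s\n' "$4"
    printf '    vlan-raw-device %s\n' "$1"
}

# Succeeds only while the kernel is NOT forwarding IPv4 between interfaces.
# This is the property that keeps the device network and the UI network
# separate on a dual-homed host, so check it after every change.
forwarding_disabled() {  # optional arg: alternate path, used for testing
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "0" ]
}

# Usage: sh this_script render <parent> <vlan_id> <address> <netmask>
if [ "${1:-}" = "render" ]; then
    render_vlan_stanza "$2" "$3" "$4" "$5"
    if forwarding_disabled; then
        echo "# ip_forward=0: networks are not routed to each other" >&2
    else
        echo "# WARNING: ip_forward is enabled on this host" >&2
    fi
fi
```

Review the rendered stanza before appending it to the interfaces file, and set the immutable flag only after the file is final, since `chattr +i` also blocks your own later edits until it is cleared with `chattr -i`.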

How familiar with Ubuntu, Apache and Nginx are you?

You will need to manually change the web interface port to not be locked to a single IP by changing to name-based hosting.

If you do not already know how to do this, I suggest creating an inter-VLAN route with 1:1 NAT to bridge one network to the other. An ACL can block everything you don't need access to or allow access from.

I managed to solve it by simply creating a port forward rule, but it would be great if the cnmaestro-on-premises VM could be accessed on a second IP by just adding a second network card…

The cnMaestro VM is not unlike any other web server. You can simply add a NIC to the VM and adjust the config to use it, but this is also your responsibility, as your modifications for your needs are non-standard. In this case it is not the VM they provide that needs additional functions, but a clearer config path to readily make those changes.