Security and Passwords

Isolating APs from the Internet

Ensure that the IP addresses of the APs in your network

  • are not routable over the Internet.
  • do not share the subnet of the IP address of your user.

RFC 1918, Address Allocation for Private Subnets, reserves for private IP networks three blocks of IP addresses that are not routable over the Internet:

  • /8 subnets have one reserved network, to
  • /16 subnets have 16 reserved networks, to
  • /24 subnets have 256 reserved networks, to

Managing module access by passwords

Adding a user for access to a module

From the factory, each module has a preconfigured administrator-level account in the name root, which initially requires no associated password. This is the same root account that you may have used for access to the module by ftp. When you upgrade a module:

  • An account is created in the name admin.
  • Both admin and root inherit the password that was previously used to access the module, if:

o Full Access password, if one was set.

o Display-Only Access password, if one was set and no Full Access password was set.


If you use Wireless Manager, do not delete the root account from any module. If you use a NMS that communicates with modules through SNMP, do not delete the root account from any module unless you first can confirm that the NMS does not rely on the root account for access to the modules.

Each module supports four or fewer user accounts, regardless of account levels. The available levels are

  • ADMINISTRATOR, who has full read and write permissions. This is the level of the root and admin users, as well as any other administrator accounts that one of them creates.
  • INSTALLER, who has permissions identical to those of ADMINISTRATOR except that the installer cannot add or delete users or change the password of any other user.
  • GUEST, who has no write permissions and only a limited view of General Status tab

From the factory default state, configure passwords for both the root and admin account at the ADMINISTRATOR permission level, using the Account => Change Users Password tab. (If you configure only one of these, then the other will still require no password for access into it and thus remain a security risk.) If you are intent on configuring only one of them, delete the admin account. The root account is the only account that CNUT uses to update the module.

After a password has been set for any ADMINISTRATOR-level account, initial access to the module GUI opens the view of GUEST level.

1 Like