Subscriber module managment interface accessable via public IP


First, all of our epmp radios on our network are running 6.2.1 and all subscriber radios are configured NAT / DHCP / PPPoE with a separate wireless managment interface. So the customer radio's management IP is a 10.10.#.# and when the radio authenticates via PPPoE it is given a public IP address and provide NAT/DHCP to the customer equipment. On all the radios I have checked so far, other than this one radio, I can not access them via their public IP I can only access them via their separate management interface IP.

This morning I'm in the office and I have an email telling me that just a few minutes ago an IP on our network was part of a DDOS attack. Now, we do have a couple of customers bridged and I know at least one of them has a Ubiquiti radio plugged into our ePMP radio. I copied the IP in the email and pasted it in my web browser expecting to see the ubiquiti logon.

Imagine my surprise when it was a an ePMP logon screen that greated me ! My first thought was " Did we not set up the separate management interface on this radio !?!" but I checked and it is indeed configured. I looked to make sure it was running 6.2.1 and it is. I checked several other ePMP customer radios to see if I could access them via their public IP and I could not, only this radio seems to have t his problem.

Screen shot attached of the network setup while logged into the radio via its public IP.

Hi Brubble1, 

Whenever you have the separate Wireless Management IP enabled then , the only way to manage the equipment is from the Management ip configured under Separate Wireless Management. Else , if it is disabled then the Public IP that the SM recieves from the AP is used to for NAT and also for Management access of the SM.

Could you let us know whether the ip address that was part of DDoS was indead an ip from LAN or and SM getting denied the service.

Reqeust you to kindly give you email address so we could ask you more about you setup.