User's Manual Part 1
User’s Guide Chapter 7 – Reference Manual
Network Interface | Configuration | Management Subnet
Each network interface can have a management subnet. Use the network interface | configuration
| management subnet menu to configure this feature on selected interface.
When management subnet is enabled, port forwarding will NOT WORK when
connecting from IP addresses that are in the management subnet's remote
administrator's network. This is because the management subnet allows
connecting to the client computer without using port forwarding.
The administrator can enable or disable management subnet for each interface. By default no
management subnet is enabled on the controller:
Figure 54 – Management Subnet
To specify new subnet management click the edit button on the selected interface:
Figure 55 – Add Management Subnet
IP Address and Netmask – specify the IP address and netmask of the management subnet. IP
address will be set on the network interface as an alias, so you can connect to the P560 using this
address. This IP address should be used on access points as the gateway address.
Remote Network and Netmask –specify the remote network that is allowed to access the local
management subnet. Only addresses that are from the remote network will be accepted [dots and
digits].
If you do not specify any remote network all stations with IP addresses from the management LAN are
routed to the WAN port even without being authenticated.
Clients using an IP address from the management subnet can browse the Internet without
authorization, and no accounting will be done. Thus, it is strongly recommended to allow traffic only
from the administrative remote network (no 0.0.0.0/0.0.0.0 in remote specification).
Example:
Interface configuration for ixp0:
type: LAN
IP address: 192.168.3.1
netmask: 255.255.255.0
gateway: ixp1
Management subnet on ixp0:
IP address: 10.0.0.1
netmask: 255.255.255.0
remote network: 10.10.0.1
remote netmask: 255.255.255.0
Gemtek Systems Page 57