02-14-2014 06:50 AM - edited 07-05-2021 12:11 AM
Hi all,
I have vWLC v7.6.100. Now the question is:
I have APs on one subnet, 192.168.0.0/16, where the controller also is (controller IP 192.168.1.251). The other network, with APs for some other users, is on a different subnet, 172.29.0.0/16, which is behind NAT.
On the controller, the interface can be set with a NAT address that it sends in the discovery response packet. This however means that APs in the local network receive the NAT address to join, and of course cannot be hooked.
The only CLI option that should allow local and NAT-ed APs to coexist is the following, but it just is not working; that is, it in no way changes the behavior of the system.
config network ap-discovery nat-ip-only disable
I found this about the command:
"This makes it so the controller will pass both the NAT address and the
private internal address for CAPWAP discovery when an AP joins."
Is there any workaround for APs in the local network and APs behind NAT to coexist with one controller? Does it need two controllers for this?
KR
VZ
02-14-2014 07:03 AM
The NAT address is for when you have OEAP. If you have routing between the subnets you shouldn't need to set the NAT IP on the mgmt interface.
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
02-15-2014 06:43 AM
To explain a bit further: OEAPs are APs you give to users outside the network. You can either give your anchor controller an outside address and lock it down, while in your DMZ, or you can NAT that address to the outside. The purpose is to provide a mgt IP address to the OEAP to join.
Sent from Cisco Technical Support iPhone App
02-18-2014 07:30 AM
Hi George and Stephen,
Just to be sure that we understood: it is not about users, it is about APs.
As I said:
So APs from subnet 172.29.0.0/16 are behind NAT.
APs from subnet 192.168.0.0/16 are on the same subnet as the controller.
"On the controller, the interface can be set with a NAT address that it sends in the discovery response packet. This however means that APs in the local network receive the NAT address to join, and of course cannot be hooked."
So now this means that APs on subnet 192.168.0.0/16 receive the NATed address in the join message and of course can't join.
The command that should have made this work, "config network ap-discovery nat-ip-only disable", does not work.
So my question is: is there any solution, or must there be two controllers, one for APs behind NAT and a second controller for APs in the same network as the controller?
Routing between subnets is not an option in this case.
Thanks
02-18-2014 08:07 AM
Enter this command in your WLC CLI:
config network ap-discovery nat-ip-only disable
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
02-18-2014 08:13 AM
Hi,
It does not work.
"config network ap-discovery nat-ip-only disable"
This makes it so the controller will pass both the NAT address and the
private internal address for CAPWAP discovery when an AP joins.
Kind regards,
Vladimir Zolnjan
02-18-2014 08:18 AM
Well, that is required if your APs are behind the NAT and you define the NAT IP address. This is similar to OEAP. You would need to make sure that you are forwarding UDP ports 5246 and 5247 from your FW to your WLC. Not going to be simple to get this setup working with APs behind a NAT and some APs not behind a NAT.
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****