Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
705
Views
0
Helpful
1
Replies

WLC/NGS NAT integration...

zappo0305
Level 1
Level 1

‎06-28-2011 10:25 AM - edited ‎07-03-2021 08:22 PM

Due to lack of address space, I have to go to NAT for our wireless guest users.

Are there any limitation with WLC/NGS when comes to NAT?

I have four 5500 WLCs, should I put them in 1 mobility group, at 2 different locations?

ANy doco on WLC NAT would be greatly appreciated.

Labels:
0 Helpful
1 Reply 1

b.garczynski
Level 1
Level 1

‎07-05-2011 08:51 AM

Zappo,

I would create two mobility groups, one per location. Make sure to also configure the mobility groups across locations as well in order to allow for proper AP fail-over. Specific to NAT there is no restriction to how many times you are able to NAT a packet. The more you NAT the more complicated the configuration so I would try to limited it as much as possible. Typically guest users do not and should not have direct access to the inside network. In your situation I would configure a mobility anchor for the wireless guest SSIDs that terminates to the WLC closest to your firewall. Create a DMZ port on the firewall and terminate all wireless guest traffic to that interface. You would obviously still need to NAT in order for clients to access the Internet, but you would not need to NAT on the inside of the network. You would be able to pick any subnet you wanted since there would be no need to route inside. If you do need to route inside for some web access or other services it will be available only through the firewall.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card