
mnmgt AP with vWLC issue

startx001
Level 1

Hi all,

I have vWLC v7.6.100. Now the question is:

I have APs on one subnet, 192.168.0.0/16, where the controller also is (controller IP 192.168.1.251). Another network with APs for some other users is on a different subnet, 172.29.0.0/16, which is behind NAT.

On the controller, the interface can be set with a NAT address that it sends in the discovery response packet. This however means that APs in the local network receive the NAT address to join, and of course cannot be hooked.

The only CLI option that should allow local and NAT-ed APs to coexist is the following, but it just is not working, that is, it in no way changes the behavior of the system.

config network ap-discovery nat-ip-only disable

I found this about the command:

"This makes it so the controller will pass both the NAT address and the private internal address for CAPWAP discovery when an AP joins."

Is there any workaround for how APs in the local network and APs behind NAT can coexist with one controller? Does it need two controllers for this?

KR

VZ



6 Replies 6

Stephen Rodriguez
Cisco Employee

The NAT address is for when you have OEAP. If you have routing between the subnets you shouldn't need to set the NAT IP on the mgmt interface.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered


To explain a bit further: OEAPs are APs you give to users outside the network. You can either give your anchor controller an outside address and lock it down, while in your DMZ, or you can NAT that address to the outside. The purpose is to provide a mgt IP address to the OEAP to join.

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Hi George and Stephen

Just to be sure that we understood: it is not about users, it is about APs.

As I said:

So APs from subnet 172.29.0.0/16 are behind NAT.

APs from subnet 192.168.0.0/16 are on the same subnet as the controller.

"On the controller, the interface can be set with a NAT address that it sends in the discovery response packet. This however means that APs in the local network receive the NAT address to join, and of course cannot be hooked."

So now this means that APs on subnet 192.168.0.0/16 receive the NATed address in the join message and of course can't join.

The command that should make this work, "config network ap-discovery nat-ip-only disable", does not work.

So my question is: is there any solution, or must there be two controllers, one for APs behind NAT and a second controller for APs in the same network as the controller?

Routing between subnets is not an option in this case.

Thanks

Enter this command in your WLC CLI:

config network ap-discovery nat-ip-only disable

Thanks,

Scott

*****Help out others by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Hi,

It does not work.

"config network ap-discovery nat-ip-only disable"

This makes it so the controller will pass both the NAT address and the private internal address for CAPWAP discovery when an AP joins.

Kind regards,

Vladimir Zolnjan

Well, that is required if your APs are behind the NAT and you define the NAT IP address. This is similar to OEAP. You would need to make sure that you are forwarding UDP ports 5246 and 5247 from your FW to your WLC. Not going to be simple to get this setup working with APs behind a NAT and some APs not behind a NAT.

Thanks,

Scott
