Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

mnmgt AP with vWLC issue

Hi all ,

I have vWLC  v7.6.100 . Now question is :

i have Ap's on one subnet 192.168.0.0/16 where is controllerer also ( controller ip 192.168.1.251 ) other network with AP's  for some other users is on diffrent subnet 172.29.0.0/16 witch is behind NAT.

On the controller is the interface can be set NAT address that he  sent to the discovery response packet. This however means that APs in the local network receive NAT address to join, and of course can not be  hooked.


CLI only option that should be allowed to coexist and local and  NAT-ed AP's is next, but the same just is not working, that is. in no way

does not change the behavior of the system.

config network ap-discovery nat-ip-only disable

i found aboout this command :

"This makes it so the controller will pass both the NAT address and  the

private internal address for CAPWAP discovery when an AP  joins."

Any workaround how to coexist AP in local network and AP's behind NAT with one controller. Does it need two controllers for this ?

KR

VZ



6 REPLIES

mnmgt AP with vWLC issue

The NAT address is for when you have OEAP.  If you have routing betwen the subnets you shoulnd't need to set the NAT IP on the mgmt interface

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

Re: mnmgt AP with vWLC issue

To explain a bit further .. Oeap are aps you give to users outside the network. You can either give your anchor controller an outside address and lock it down, while in your DMz. Or you can NAT that address to the outside . The purpose is to provide a mgt IP address to the oeap to join..

Sent from Cisco Technical Support iPhone App

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Re: mnmgt AP with vWLC issue

Hi George and Stephen

just to be sure that we underarstood . It is not about users it is about AP's

As i said

So AP's from subnet  172.29.0.0/16  are behind nat

AP from subnet  192.168.0.0/16 are on same subnet with controller .

"On the controller is the interface can be set NAT address that he  sent to the discovery response packet. This however means that APs in the local network receive NAT address to join, and of course can not be  hooked"

So now this  means that AP's on subnet  192.168.0.0/16 recive nated address in join message and of course cant join.

command that spuld maked to this work "config network ap-discovery nat-ip-only disable" does not work.

So my question is there any solution or there must be two controllers , one for  AP's behind nat  , and second controller for AP's in same network as controller.

Routing between subnets is not a option in this case.

Thanks

Hall of Fame Super Silver

Re: mnmgt AP with vWLC issue

Enter this command in your WLC CLI:

config network ap-discovery nat-ip-only disable

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

Re: mnmgt AP with vWLC issue

Hi ,

it does not work .

"config network ap-discovery nat-ip-only disable"

This makes  it so the controller will pass both the NAT address and the

private internal address for CAPWAP discovery when an AP joins.

Kind regards,

Vladimir Zolnjan

Hall of Fame Super Silver

Re: mnmgt AP with vWLC issue

Well that is required if your AP's are behind the NAT and you define the NAT ip address.  This is similar to OEAP.  You would need to make sure that your are forwarding udp ports 5246 and 5247 from your FW to your WLC.  Not going to be simple to get this setup working with AP's behind a NAT and some AP's not behind a NAT.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
332
Views
0
Helpful
6
Replies
CreatePlease to create content