I have APs on one subnet, 192.168.0.0/16, where the controller is also located (controller IP 192.168.1.251). The other network, with APs for some other users, is on a different subnet, 172.29.0.0/16, which is behind NAT.
On the controller, a NAT address can be set on the interface, and the controller sends it in the discovery response packet. This, however, means that APs in the local network receive the NAT address to join, and of course cannot be hooked up.
The only CLI option that should allow local and NATed APs to coexist is the following, but it just does not work; that is, it does not change the behavior of the system in any way.
config network ap-discovery nat-ip-only disable
I found this about the command:
"This makes it so the controller will pass both the NAT address and the
private internal address for CAPWAP discovery when an AP joins."
Is there any workaround that lets APs in the local network and APs behind NAT coexist with one controller? Does this need two controllers?
To explain a bit further: OEAPs are APs you give to users outside the network. You can either give your anchor controller an outside address and lock it down while it is in your DMZ, or you can NAT that address to the outside. The purpose is to provide a management IP address for the OEAP to join.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
Just to be sure that we understand each other: it is not about users, it is about APs.
As I said:
So APs from subnet 172.29.0.0/16 are behind NAT.
APs from subnet 192.168.0.0/16 are on the same subnet as the controller.
"On the controller, a NAT address can be set on the interface, and the controller sends it in the discovery response packet. This, however, means that APs in the local network receive the NAT address to join, and of course cannot be hooked up."
So now this means that APs on subnet 192.168.0.0/16 receive the NATed address in the join message and of course can't join.
The command that should make this work, "config network ap-discovery nat-ip-only disable", does not work.
So my question is: is there any solution, or must there be two controllers, one for APs behind NAT and a second controller for APs in the same network as the controller?
Routing between subnets is not an option in this case.
Well, that is required if your APs are behind the NAT and you define the NAT IP address. This is similar to OEAP. You would need to make sure that you are forwarding UDP ports 5246 and 5247 from your FW to your WLC. It is not going to be simple to get this setup working with APs behind a NAT and some APs not behind a NAT.