Wireless Access

Maybe I'm missing something simple here, but how would I configure multiple static public IP addresses on a single controller. I have a controller directly connected to the internet. This particular internet connection has 5 static IP's. I'd like to dedicate one of those static IP's to port forwarding to an internal device. I had originally setup the external-facing port to be a trunk port. I was hoping to just create multiple interface VLANs, but they cannot be in the same subnet. In the Cisco world, I would create a sub-interface, but that doesn't seem to be an option either. Any ideas? Thanks

You can create ACLs that specify where to NAT addresses to and from.  An ACL that is applied to an outside interface (inbound from the Internet from the controllers perspective) that has src-nat statements will work even if the IP address is not assigned to an interface.

For example, you can have 1.1.1.1 assigned to an interface and have an ACL assigned to your inbound interface that says:

any host 1.1.1.2 any src-nat ip 10.0.0.2

Then, any packets that show up on the outside interface destined for 1.1.1.2 will be source NAT'd and sent inside the network to 10.0.0.2.

The first "any" is the source and the second "any" is the port/protocol/service.

You would also have to make sure the inside VLAN that is used to route to/from 10.0.0.2 is set to "ip nat inside".

I'm dissapointed the controller's don't have the ability to do this, but I appreciate the NAT info. That is a good idea. Thanks!