Wireless Access

Reply
New Contributor

Port forwarding on RAP on bridge mode?

I have Cable modem/router then a Rap5WN is connected. Forwarding mode on my RAP5 is bridge. my question is how can i configure a Port forwarding to the device connected to one of the port on RAP5 Say port 4040 needs to forward to the device connected on RAP? I notice if i have a vlan define on the "Remote-AP DHCP Server VLAN" = 100, I keep getting the 192168.11.x. on my pc but how can i forward the port 4040 on this device if im getting this address? thanks A1rhead
Guru Elite

Re: Port forwarding on RAP on bridge mode?

This is certainly an advanced topic.

 

If the RAP is providing a DHCP address to that wired client, you cannot do port forwarding, because the client's traffic is probably being NATTED out of the ip address of the AP for it to work.  Those addresses that are assigned by the AP are NOT addressable by a port forwarding rule on the router connected to the cable modem.

 

Your only hope would be if you are bridging the ethernet port that the device is connected to on the RAP5 to the same VLAN as the e0 of the RAP5 and ip addresses are getting assigned by the router connected to the cable modem.  Try by making the wired AP profile VLAN on that port match the "Native Vlan ID" parameter in the AP system profile.  You would then be able to create a port forwarding rule from the router to the ip address of that wired client on port 4040.

 

 Another hidden issue is that there is a system ACL that is protecting inbound traffic to the RAP5 and this ACL would have to be relaxed for any inbound traffic to a client attached to the RAP5 to be addressable from the "outside world" even if that device got an ip address from your soho router.   That parameter is in the AP system profile and is called the "session-acl" parameter.  That parameter is normally set to the "ap-uplink-acl" and it normally only permits NAT-t (ipsec) and bonjour traffic inbounds.   That session ACL however allows traffic outbound unsolicited from any client on the AP.  You would have to change that ACL to something that permits port 4040 inbounds as well as NAT-T for it to work reliably.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: