PVS
Occasional Contributor II

Need to access the switch which is behind the controller from an external network

Hi all,

Need to access the switch which is behind the controller from an external network

The setup is as follows

- 7000 series controller using 6.5 OS
- PC1 is present in the external network
- In the other location, we have ISP which is connected to controller then we have a switch
- Switch's DG is the controller and controller's DG is the ISP
- ISP has 1 public IP and even the controller has 1 public interface
- Switch has private IP which is different from the controller subnet but controller has the switch's subnet as well
- PC1 from an external network is now able to access the controller by typing the public IP present in the controller
- Similarly, we are trying to access the switch which is behind the controller by typing <x.x.x.x controller's public IP>:random port no. Eg: 25.25.25.25:5000. When I type this, we should get the switch page
- Am able to ping the controller's public interface from the external network
- Am able to ping the switch from the controller and vice versa

==========================

Configuration

- I have created a port based acl and mapped it to the controller's uplink as follows
- Let's consider 25.25.25.25 as public interface in the controller and 5000 as random port to open the switch. 0/0/1 is the controller's uplink.

(config) #ip access-list session t-acl
(config-sess-t-acl)#any host 25.25.25.25 tcp 5000 dst-nat ip 10.0.0.5 5000
(config-sess-t-acl)#exit
(config) #interface gigabitethernet 0/0/1
(config-if)#ip access-group test-acl session
(config-if)#exit

- So now from an external network, I should be able to access the switch by typing 25.25.25.25:5000 in the URL but it doesn't work
- Site cannot be reached.

Any help will be of great help as this is something very important.

Thank you in advance

Regards,

PS.

Guru Elite

Re: Need to access the switch which is behind the controller from an external network

- Find out the public ip address that the request should be coming from

- type "show datapath session table <public ip address>" while you are making the request to see if the traffic is being blocked.

- make sure 10.0.0.5 is routable from the controller


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
PVS
Occasional Contributor II

Re: Need to access the switch which is behind the controller from an external network

Hi colin,

Thank you for your response. I ran "show datapath session table <public ip address>" and also tried the client's IP; it showed the traffic coming from the client, but there is no response from the controller to the client.

"make sure 10.0.0.5 is routable from the controller" - Yes, there is reachability.

Guru Elite

Re: Need to access the switch which is behind the controller from an external network

What are the flags on that session entry?  Is there a deny?


PVS
Occasional Contributor II

Re: Need to access the switch which is behind the controller from an external network

172.16.X.x[client's IP]   25.25.25.25[controller's public IP]


@cjoseph wrote:

What are the flags on that session entry?  Is there a deny?



  6    59618 60002  0/0     0    0   0   0/0/3       7    0          0          FDYC
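
An added example, not part of any post in this thread and not Aruba code: a small Python helper that parses one "show datapath session table" row like the one above and lists why it does not look like the intended dst-nat flow. The column order, the subset of flag letters and the client IP are assumptions; confirm the first two against the header and legend the controller prints.

```python
# Added example: triage one row of "show datapath session table".
# ASSUMPTIONS: column order and flag letters below; confirm both against
# the header and legend your controller prints.
COLUMNS = ["src", "dst", "prot", "sport", "dport", "cntr", "prio", "tos",
           "age", "destination", "taddr", "packets", "bytes", "flags"]
FLAG_LEGEND = {"F": "fast age", "S": "src NAT", "N": "dest NAT", "D": "deny",
               "R": "redirect", "Y": "no syn", "C": "client"}


def parse_session_row(row):
    """Split one whitespace-separated session row into named fields."""
    fields = row.split()
    if len(fields) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} columns, got {len(fields)}")
    entry = dict(zip(COLUMNS, fields))
    for key in ("prot", "sport", "dport"):
        entry[key] = int(entry[key])
    return entry


def decode_flags(flags):
    """Map each flag letter to its meaning; unknown letters stay visible."""
    return [FLAG_LEGEND.get(ch, f"unknown({ch})") for ch in flags]


def triage(entry, public_ip, forwarded_port):
    """Return reasons why this session is not the expected dst-nat flow."""
    findings = []
    if entry["dst"] != public_ip:
        findings.append("destination is not the controller's public IP")
    if entry["dport"] != forwarded_port:
        findings.append(f"dport {entry['dport']} is not the rule's port {forwarded_port}")
    if "D" in entry["flags"]:
        findings.append("deny flag set: a policy dropped this session")
    if "N" not in entry["flags"]:
        findings.append("dest NAT flag absent: the dst-nat rule did not match")
    return findings


# Row from the thread; the client IP is a constructed placeholder because
# the post masks it as 172.16.X.x.
SAMPLE = "172.16.0.10 25.25.25.25 6 59618 60002 0/0 0 0 0 0/0/3 7 0 0 FDYC"

if __name__ == "__main__":
    entry = parse_session_row(SAMPLE)
    print(decode_flags(entry["flags"]))
    for finding in triage(entry, "25.25.25.25", 5000):
        print("-", finding)
```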

PVS
Occasional Contributor II

Re: Need to access the switch which is behind the controller from an external network

There is no firewall

Guru Elite

Re: Need to access the switch which is behind the controller from an external network

Type "show acl hits" and see if you can figure out which ACL could be blocking the traffic.


PVS
Occasional Contributor II

Re: Need to access the switch which is behind the controller from an external network

"show acl hits" doesn't show the dst-nat ACLs

Guru Elite

Re: Need to access the switch which is behind the controller from an external network

There might be another ACL that is responsible for the denies.

PVS
Occasional Contributor II

Re: Need to access the switch which is behind the controller from an external network

I do not see any ACL which is blocking the switch.
