Wireless Access

Reply
Contributor I

RAP and NAT with AOS8

Hey Aruba Community,

 

regarding RAPs and NAT.... If I have two controllers natted to my private IPs I need two public IPs for that.

Is this still true with AOS 8 and Clustering?

So, if I use four WLCs with a mobility master, is the only design still to use LMS and B-LMS or is it possible to forward UDP 4500 to the Cluster IP even if I am behind a NAT ?

 

Thanks

Stefan

MVP Guru

Re: RAP and NAT with AOS8

Yes you can cluster controllers while using NAT but need to be running AOS 8.4.x

Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: RAP and NAT with AOS8

Hey Victor,

 

thanks.

I read that in the ReleaseNotes

"

Remote AP support with Cluster behind NAT

Remote APs can map the managed device’s private address to a public space by obtaining the private IP and public IP address mapping from a cluster. Therefore, the cluster behind NAT is supported with Remote APs.

"

 

.......But to be absolutely sure: Four Controllers in Cluster with VRRP IP behind NAT nowadays only need ONE public IP forwarded to the cluster VRRP IP ??

 

Sounds like Christmas

Highlighted
MVP Guru

Re: RAP and NAT with AOS8

I have experienced issues in the past using NAT behind a VRRP IP

I typically point the RAPs to a DNS name and have the public IPs as active\passive

Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: RAP and NAT with AOS8

I know that this is not supported back in AOS6.X and also not working properly (VRRP and NAT)

So, like I said it is still the save way to use LMS-IP and Backup-LMS IP

(either with a real Public IP or with a FQDN).

 

But in Theory this should work, right? I mean this is how i understand the ReleaseNotes or am I wrong?

RAP connects to public IP, registers itself to one of my cluster MDs and if this one fails it establishes a new connection to one of the other cluster MDs. All through the same public IP/forwarding

 

 

MVP Guru

Re: RAP and NAT with AOS8

Correct



Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Aruba Employee

Re: RAP and NAT with AOS8

To my understanding this is not correct. You need a public IP for each Cluster Member to get HA and standby tunnels. This is the reason, why you need to define the official IP for each member during cluster setup. 

You can NAT your official IP to the cluster VIP. But I'm not sure if this is working corectly, as the RAP learns all Member IP's during initial connect and if you haven't configured the Official IP for each Cluster Memeber, those IP's will be internal and thus not reachable for RAP coming from the internet. 


visit our Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ/featured
Please visit my personal blog as well:
https://www.flomain.de
Contributor I

Re: RAP and NAT with AOS8

mmhhh... Okay. This is what I was thinking.

But unfortunately I could not find a reliable statement in the 8.4 UserGuide.

So until anybody can prove that it is working, I will stick to the old fashioned way.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: