Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

RAP and NAT with AOS8

  • 1.  RAP and NAT with AOS8

    Posted Aug 27, 2019 08:15 AM

    Hey Aruba Community,

     

    Regarding RAPs and NAT... If I have two controllers NATed to my private IPs, I need two public IPs for that.

    Is this still true with AOS 8 and Clustering?

    So, if I use four WLCs with a mobility master, is the only design still to use LMS and B-LMS, or is it possible to forward UDP 4500 to the cluster IP even if I am behind a NAT?

     

    Thanks

    Stefan



  • 2.  RE: RAP and NAT with AOS8

    Posted Aug 27, 2019 09:33 AM
    Yes, you can cluster controllers while using NAT, but you need to be running AOS 8.4.x.

    Sent from Mail for Windows 10


  • 3.  RE: RAP and NAT with AOS8

    Posted Aug 27, 2019 10:55 AM

    Hey Victor,

     

    thanks.

    I read that in the release notes:

    "Remote AP support with Cluster behind NAT

    Remote APs can map the managed device’s private address to a public space by obtaining the private IP and public IP address mapping from a cluster. Therefore, the cluster behind NAT is supported with Remote APs."

     

    ...But to be absolutely sure: four controllers in a cluster with a VRRP IP behind NAT nowadays only need ONE public IP forwarded to the cluster VRRP IP?

     

    Sounds like Christmas



  • 4.  RE: RAP and NAT with AOS8

    Posted Aug 27, 2019 11:29 AM
    I have experienced issues in the past using NAT behind a VRRP IP.

    I typically point the RAPs to a DNS name and have the public IPs as active/passive.

    Sent from Mail for Windows 10


  • 5.  RE: RAP and NAT with AOS8

    Posted Aug 27, 2019 11:48 AM

    I know that this was not supported back in AOS 6.x and also did not work properly (VRRP and NAT).

    So, like I said, it is still the safe way to use LMS-IP and Backup-LMS IP (either with a real public IP or with an FQDN).

     

    But in theory this should work, right? I mean, this is how I understand the release notes, or am I wrong?

    The RAP connects to the public IP, registers itself to one of my cluster MDs, and if this one fails it establishes a new connection to one of the other cluster MDs. All through the same public IP/forwarding.

     

     



  • 6.  RE: RAP and NAT with AOS8

    Posted Aug 27, 2019 12:10 PM
    Correct



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 7.  RE: RAP and NAT with AOS8
    Best Answer

    EMPLOYEE
    Posted Aug 27, 2019 01:44 PM

    To my understanding this is not correct. You need a public IP for each cluster member to get HA and standby tunnels. This is the reason why you need to define the official IP for each member during cluster setup.

    You can NAT your official IP to the cluster VIP. But I'm not sure if this is working correctly, as the RAP learns all member IPs during initial connect, and if you haven't configured the official IP for each cluster member, those IPs will be internal and thus not reachable for a RAP coming from the internet.



  • 8.  RE: RAP and NAT with AOS8

    Posted Aug 28, 2019 12:53 AM

    mmhhh... Okay. This is what I was thinking.

    But unfortunately I could not find a reliable statement in the 8.4 User Guide.

    So until anybody can prove that it is working, I will stick to the old-fashioned way.



  • 9.  RE: RAP and NAT with AOS8

    EMPLOYEE
    Posted Feb 24, 2020 03:25 PM

    Hi 

     

    I have tried to work with RAP and a single public IP NATed to a VRRP IP address. That works for pre-AOS 8.4; after that you will need one public IP (NATed) per cluster member. So 4 MCs in a cluster means 4 public IPs NATed to each member.