I'm trying to configure BSAPs to connect to our controller over the internet.
I've configured the firewall, a NetVanta 3120, with ACLs:
permit tcp any host x.x.x.x eq 97 log
permit tcp any host x.x.x.x eq 33333 log
permit tcp any host x.x.x.x.169 eq 28000 log
I've also configured it with the ports open:
– IP Protocol 97 (EtherIP): Client Data (AP to AP)
– TCP/UDP 33333: Secure TLS Control Channel
– UDP port 53 (DNS): AP Discovery
– UDP port 69 (TFTP): Firmware
– TCP port 28000: Secure TLS RFIDS Channel
– TCP port 80 (HTTP): Required for Web Auth and/or BlueProtect
– TCP port 443 (HTTPS): Required for Web Auth and/or BlueProtect
– UDP port 1812 (RADIUS): Internal 802.1x Authentication
Even tried all protocol/all ports
Still no luck.
The BSAP status LED is blinking (looks orange to me).
Ethernet blinking
No radio LEDs lit
The BSAP does not appear to be rebooting every 3 minutes.
I have a console connection to the AP.
"permit tcp any host x.x.x.x.169 eq 28000 log" should be "permit tcp any host x.x.x.x eq 28000 log" (169 was the last octet).
@knevyn,
Are you connecting your BSAPs to the vWLAN or BSC architecture? And what form of AP Discovery are you using - e.g., DNS, DHCP option 43, or static?
Thank you,
Erik
I'm connecting the BSAPs to cable DSL network, separate from our internal network where the vWLAN is. I have the vWLAN NATed out the firewall. I can connect to the vWLAN web interface through the cable DSL. So I believe I've got the ports open correctly.
I'm using static for the BSAPs outside the firewall. I set mode to static, then enter the controller's IP address, save and reboot.
@knevyn
Okay, thank you. The issue is likely with the vWLAN being NATed. At present, remote BSAPs cannot discover a vWLAN residing behind a NAT even if port forwarding is configured for the necessary services. A feature request has been submitted to support this setup and our product management team is working to prioritize it on the road-map. For now, would it be possible within your network design to assign the vWLAN a routable IP address - perhaps something on the DMZ?
Thanks again,
Erik
Routable IP is possible.
Any idea of an ETA for NATing?
@knevyn
Regrettably, I can't comment on the ETA of road-map items via the Community. However, I might suggest reaching out to your reseller and/or regional sales manager who could follow up on this for you.
Thanks again,
Erik