BSAP firewall config

I'm trying to configure BSAPs to connect to our controller over the internet.

I've configured the firewall, a NetVanta 3120, with ACLs:

  permit tcp any  host x.x.x.x eq 97   log

  permit tcp any  host x.x.x.x eq 33333   log

  permit tcp any  host x.x.x.x.169 eq 28000   log

I've also configured with the ports open

– IP Protocol 97 (EtherIP): Client Data (AP to AP)

– TCP/UDP 33333: Secure TLS Control Channel

– UDP port 53 (DNS): AP Discovery

– UDP port 69 (TFTP): Firmware

– TCP port 28000: Secure TLS RFIDS Channel

– TCP port 80 (HTTP): Required for Web Auth and/or BlueProtect

– TCP port 443 (HTTPS): Required for Web Auth and/or BlueProtect

– UDP port 1812 (RADIUS): Internal 802.1x Authentication

Even tried all protocol/all ports

Still no luck.

The BSAP status LED is blinking (looks orange to me).

Ethernet blinking

No radio LEDs lit

The BSAP does not appear to be rebooting every 3 minutes.

I have a console connection to the AP.
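
As an added example (not part of the original post, and not Adtran code), this Python sketch checks whether ACL lines in the form shown above cover the controller-facing services in the port list. The rule grammar is modelled only on the three lines in the post; the address 203.0.113.10, the function names, and matching EtherIP by the protocol field `97` or `ip` are assumptions.

```python
import ipaddress
import re

# Required services from the port list in the post: name -> (protocol, port).
# EtherIP is IP protocol 97 with no port; naming it "97" in a rule is an assumption.
REQUIRED = {
    "EtherIP client data": ("97", None),
    "TLS control (TCP)": ("tcp", 33333),
    "TLS control (UDP)": ("udp", 33333),
    "TLS RFIDS": ("tcp", 28000),
}
LINE = re.compile(r"permit\s+(\S+)\s+any\s+host\s+(\S+)(?:\s+eq\s+(\d+))?(?:\s+log)?$")

def parse(acl_text):
    """Split ACL text into (proto, host, port) rules and rejected lines."""
    rules, rejected = [], []
    for line in filter(None, map(str.strip, acl_text.splitlines())):
        m = LINE.match(line)
        try:
            if not m:
                raise ValueError("unrecognised syntax")
            ipaddress.ip_address(m.group(2))  # rejects a five-octet host
        except ValueError:
            rejected.append(line)
            continue
        port = int(m.group(3)) if m.group(3) else None
        rules.append((m.group(1).lower(), m.group(2), port))
    return rules, rejected

def missing_services(rules, controller):
    """Names of required services that no rule for `controller` permits."""
    def covers(rule, proto, port):
        r_proto, r_host, r_port = rule
        # assumption: a rule written with "ip" matches every protocol
        return r_host == controller and (
            r_proto == "ip" or (r_proto == proto and r_port in (None, port)))
    return [name for name, (proto, port) in REQUIRED.items()
            if not any(covers(r, proto, port) for r in rules)]

# Constructed sample: the post's three lines with 203.0.113.10 for x.x.x.x.
SAMPLE = """
  permit tcp any  host 203.0.113.10 eq 97   log
  permit tcp any  host 203.0.113.10 eq 33333   log
  permit tcp any  host 203.0.113.10.169 eq 28000   log
"""

if __name__ == "__main__":
    rules, rejected = parse(SAMPLE)
    print("rejected:", rejected, "missing:", missing_services(rules, "203.0.113.10"))
```

On the sample, the line with the five-field host is rejected, and the `tcp ... eq 97` rule is not counted as EtherIP because it matches TCP port 97 rather than IP protocol 97.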

Re: BSAP firewall config

  permit tcp any  host x.x.x.x.169 eq 28000   log

should be

  permit tcp any  host x.x.x.x eq 28000   log

(169 was the last octet.)

Re: BSAP firewall config

@knevyn,

Are you connecting your BSAPs to the vWLAN or BSC architecture? And what form of AP Discovery are you using - e.g., DNS, DHCP option 43, or static?

Thank you,

Erik

Re: BSAP firewall config

I'm connecting the BSAPs to cable DSL network, separate from our internal network where the vWLAN is. I have the vWLAN NATed out the firewall. I can connect to the vWLAN web interface through the cable DSL. So I believe I've got the ports open correctly.

I'm using static for the BSAPs outside the firewall. I set the mode to static, then enter the controller's IP address, save, and reboot.

Re: BSAP firewall config

@knevyn

Okay, thank you. The issue is likely with the vWLAN being NATed. At present, remote BSAPs cannot discover a vWLAN residing behind a NAT even if port forwarding is configured for the necessary services. A feature request has been submitted to support this setup and our product management team is working to prioritize it on the road-map. For now, would it be possible within your network design to assign the vWLAN a routable IP address - perhaps something on the DMZ?

Thanks again,

Erik

Re: BSAP firewall config

Routable IP is possible.

Any idea of eta for NATing?

Re: BSAP firewall config

@knevyn

Regrettably, I can't comment on the ETA of road-map items via the Community. However, I might suggest reaching out to your reseller and/or regional sales manager, who could follow up on this for you.

Thanks again,

Erik