WWWWhhhheeeewwwwwwww. We were troubleshooting Cisco LWAPP registration to a WLC 4400 behind a Cisco PIX firewall. Static NAT was configured, but we still faced an issue: communication from VLAN 100 (where the APs reside) to VLAN 13 (where the WLC 4400 resides, behind the firewall) was not working, while traffic originating from VLAN 13 to VLAN 100 was possible. We tried allowing everything but still couldn't solve the issue, and we spent 1 day just on troubleshooting.
Now, our last hope was to raise a case with Cisco TAC, but we didn't do that at the moment and agreed to do some research on the issue first. While browsing the Cisco website, I checked and read the Cisco WLC 4400 Frequently Asked Questions (FAQ), which runs to 22 pages. Then I found this (refer to the quoted text below), and I was excited to test the solution provided.
The day came to test the solution, and it worked perfectly.
Q. Can we place the lightweight access point (LAP) under Network Address Translation (NAT)? Does the Lightweight Access Point Protocol (LWAPP) from access point (AP) to WLC work through NAT boundaries?
A. Yes, you can place the LAP under NAT. On the AP side, you can have any type of NAT configured, but, on the WLC side, you can have only 1:1 (Static NAT) configured. PAT cannot be configured on the WLC side because LAPs cannot respond to WLCs if the ports are translated to ports other than 12222 or 12223, which are meant for data and control messages.
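As an added example (not from the original post or from Cisco), here is a small Python checker that reads PIX-style `static`/`nat` lines and reports whether the WLC's address is covered by a 1:1 static translation and whether UDP 12222/12223 are left untranslated, which is exactly the condition the FAQ answer states. The command syntax is assumed from PIX 6.x, and the configuration and addresses below are constructed.

```python
import ipaddress
import re

# LWAPP ports that must reach the WLC untranslated (from the FAQ answer above).
LWAPP_PORTS = {12222: "data", 12223: "control"}

# Constructed sample configuration in assumed PIX 6.x syntax (not from the post):
#  - 10.13.0.10 has a 1:1 static (good for a WLC)
#  - 10.13.0.11 has a port static that rewrites the LWAPP data port (bad)
#  - 10.13.0.12 falls only under the dynamic nat/global pool, i.e. PAT (bad)
SAMPLE_CONFIG = """
nat (inside) 1 10.13.0.0 255.255.255.0
global (outside) 1 interface
static (inside,outside) 203.0.113.10 10.13.0.10 netmask 255.255.255.255
static (inside,outside) udp 203.0.113.11 22222 10.13.0.11 12222 netmask 255.255.255.255
"""

STATIC_PORT = re.compile(r"^static \(\S+,\S+\) (tcp|udp) (\S+) (\d+) (\S+) (\d+) netmask")
STATIC_1TO1 = re.compile(r"^static \(\S+,\S+\) (\S+) (\S+) netmask")
DYNAMIC_NAT = re.compile(r"^nat \(\S+\) (\d+) (\S+) (\S+)$")


def check_wlc_nat(config: str, wlc_ip: str):
    """Return (ok, problems) describing whether wlc_ip has LWAPP-compatible NAT."""
    wlc = ipaddress.ip_address(wlc_ip)
    problems, has_static, dynamic_pool = [], False, None
    for line in (l.strip() for l in config.splitlines()):
        m = STATIC_PORT.match(line)
        if m:
            _proto, _gip, gport, lip, lport = m.groups()
            if lip == wlc_ip and int(lport) in LWAPP_PORTS:
                if gport != lport:  # port rewritten: APs cannot answer the WLC
                    problems.append(f"LWAPP {LWAPP_PORTS[int(lport)]} port {lport} is translated to {gport}")
                else:
                    has_static = True
            continue
        m = STATIC_1TO1.match(line)
        if m and m.group(2) == wlc_ip:
            has_static = True  # a plain 1:1 static wins over dynamic nat on the PIX
            continue
        m = DYNAMIC_NAT.match(line)
        if m and m.group(1) != "0":  # nat 0 is exemption, not translation
            if wlc in ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False):
                dynamic_pool = m.group(1)
    if not has_static:
        if dynamic_pool is not None:
            problems.append(f"WLC {wlc_ip} is only covered by dynamic nat pool {dynamic_pool} (PAT), not a 1:1 static")
        else:
            problems.append(f"no static NAT entry found for WLC {wlc_ip}")
    return (not problems, problems)
```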