
NAT on a VLANIF interface fails when the interface is also used as the CAPWAP source

Publication Date:  2017-11-15  |   Views:  867  |   Downloads:  0  |   Author:  j00525992  |   Document ID:  EKB1001037162


Issue Description

Fault symptom: The customer configures Vlanif3030 as the CAPWAP source on the AC, and Vlanif3030 is also configured with NAT from the LAN to the Internet. The connection between the AP and the AC is OK, but connections from the LAN to the Internet fail.


Networking overview: STA <---> AP <---> AC <---> Internet


Configuration script:

#
acl name VLAN201 2020
 description NAT3030-201
 rule 5 permit source 192.168.201.0 0.0.0.255
#
interface Vlanif3030
 description FiberEntry
 ip address 46.28.36.32 255.255.255.0
 nat outbound 2020
#
ip route-static 0.0.0.0 0.0.0.0 Vlanif3030 46.28.36.1 description FiberEntry
#
capwap source interface vlanif3030
#

Solution

Analysis:

192.168.201.0/24 is the source IP range of the STAs.

192.168.250.1/24 is the source IP range of the APs.

1) When “capwap source interface vlanif3030” is configured, packets are processed as follows:

packet [CAPWAP header (with AP source IP) + STA source IP] ------> vlanif3030 ------> NAT (the ACL rule that permits the STA source IP cannot match, because the packet still carries the CAPWAP header with the AP source IP) ------> CAPWAP decapsulation, packet [STA source IP] ------> no further NAT, because the NAT step was already performed earlier in the procedure

2) When “capwap source interface vlanif200” is configured, packets are processed as follows:

packet [CAPWAP header (with AP source IP) + STA source IP] ------> vlanif200 ------> CAPWAP decapsulation, packet [STA source IP] ------> vlanif3030 ------> NAT (the ACL rule that permits the STA source IP matches, because the packet now carries the STA source IP) ------> Internet
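
The two processing orders above can be modelled in a few lines. This is an added example, not vendor code: it applies ACL 2020's wildcard-mask rule to whichever source address is visible at the NAT step in each case. The AP and STA addresses are constructed samples, and using the Vlanif3030 address as the translated address is an assumption.

```python
import ipaddress

# Values taken from the page's configuration.
ACL_2020 = [("192.168.201.0", "0.0.0.255")]   # rule 5 permit source ...
NAT_INTERFACE = "Vlanif3030"
NAT_ADDRESS = "46.28.36.32"                    # assumption: translated address


def acl_permits(src, acl=ACL_2020):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    s = int(ipaddress.IPv4Address(src))
    for addr, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return True
    return False


def egress_source(capwap_source_if, ap_ip, sta_ip):
    """Return (source IP that leaves toward the Internet, stage trace)."""
    # Stage order follows the analysis: NAT runs before decapsulation only
    # when the CAPWAP source is the same interface that performs NAT.
    if capwap_source_if == NAT_INTERFACE:
        stages = ["nat", "decap"]
    else:
        stages = ["decap", "nat"]
    visible_src, translated, trace = ap_ip, False, []
    for stage in stages:
        if stage == "decap":
            visible_src = sta_ip
            trace.append(f"decap: source is now {visible_src}")
        else:
            translated = acl_permits(visible_src)
            trace.append(f"nat: ACL 2020 sees {visible_src}, match={translated}")
    return (NAT_ADDRESS if translated else sta_ip), trace


if __name__ == "__main__":
    AP_IP, STA_IP = "192.168.250.10", "192.168.201.50"  # constructed samples
    for ifname in ("Vlanif3030", "Vlanif200"):
        src, trace = egress_source(ifname, AP_IP, STA_IP)
        print(ifname, "->", src)
        for line in trace:
            print("   ", line)
```

A result in 192.168.201.0/24 means the packet left untranslated, which is the fault in the issue description.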


Correct configuration script:

#
acl name VLAN201 2020
 description NAT3030-201
 rule 5 permit source 192.168.201.0 0.0.0.255
#
interface Vlanif3030
 description FiberEntry
 ip address 46.28.36.32 255.255.255.0
 nat outbound 2020
#
ip route-static 0.0.0.0 0.0.0.0 Vlanif3030 46.28.36.1 description FiberEntry
#
capwap source interface vlanif200
#
interface Vlanif200
 description AP-MGMT
 ip address 192.168.250.1 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.250.2 192.168.250.9
 dhcp server lease day 7 hour 0 minute 0
#