Knowledge Search


[WLC] Identifying whether WLC is located behind a NAT firewall

  [KB33958] Show Article Properties


This article helps you to identify whether a Wireless Controller is located behind a firewall that is configured for Network Address Translation (NAT).



Remote sites usually have Wireless LAN Controllers (WLC) located in remote locations to support multiple Wireless Access Points (WLAs) on a remote network. Often the remote sites are located behind a firewall device that supports Network Address Translation (NAT). In this case, if the Access Points are configured behind a NAT firewall, then it is not possible for the APs to boot up in a cluster. To overcome this problem, WLC is configured behind the NAT firewall, which helps the APs to be a part of the cluster.



To determine whether a WLC is located behind a firewall that supports NAT, use the show mobility-domain command:

========= show mobility-domain =========
Mobility Domain name:Remote location
Flags: u = up[2], d/e = down/config error[0], c = cluster enabled[2],
       p = primary seed, s = secondary seed (S = cluster preempt mode enabled),
       a = mobility domain active seed, A = cluster active seed (if different),
       m = member, y = syncing[0], w = waiting to sync[0], n = sync completed[2],
       f = sync failed[0] 
Member: * = switch behind NAT
Member            Flags  Model     Version     NoAPs  APCap
----------------  -----  --------  ----------  -----  -----       upacn  WLC800R        27    128        us-cn  WLC800R        25    128       *um-cn  WLC800R        26    128

The asterisk (*) symbol indicates that the WLC is located behind a firewall has NAT configured.


Related Links: