This article helps you to identify whether a Wireless Controller is located behind a firewall that is configured for Network Address Translation (NAT).
Remote sites usually have Wireless LAN Controllers (WLC) located in remote locations to support multiple Wireless Access Points (WLAs) on a remote network. Often the remote sites are located behind a firewall device that supports Network Address Translation (NAT). In this case, if the Access Points are configured behind a NAT firewall, then it is not possible for the APs to boot up in a cluster. To overcome this problem, WLC is configured behind the NAT firewall, which helps the APs to be a part of the cluster.
To determine whether a WLC is located behind a firewall that supports NAT, use the show mobility-domain command:
========= show mobility-domain =========
Mobility Domain name:Remote location
Flags: u = up[2], d/e = down/config error[0], c = cluster enabled[2],
p = primary seed, s = secondary seed (S = cluster preempt mode enabled),
a = mobility domain active seed, A = cluster active seed (if different),
m = member, y = syncing[0], w = waiting to sync[0], n = sync completed[2],
f = sync failed[0]
Member: * = switch behind NAT
Member Flags Model Version NoAPs APCap
---------------- ----- -------- ---------- ----- -----
10.26.64.10 upacn WLC800R 9.6.3.2 27 128
10.26.64.8 us-cn WLC800R 9.6.3.2 25 128
10.24.8.11 *um-cn WLC800R 9.6.3.2 26 128
The asterisk (*) symbol indicates that the WLC is located behind a firewall has NAT configured.