6 Replies Latest reply on Apr 16, 2012 10:11 AM by erik

    BSAP firewall config

    knevyn New Member

      I'm trying to configure BSAPs to connect to our controller over the internet.

       

      I've configured the firewall, a NetVanta 3120, with ACLs:

        permit tcp any  host x.x.x.x eq 97   log

        permit tcp any  host x.x.x.x eq 33333   log

        permit tcp any  host x.x.x.x.169 eq 28000   log

       

      I've also configured with the ports open

      – IP Protocol 97 (EtherIP): Client Data (AP to AP)

      – TCP/UDP 33333: Secure TLS Control Channel

      – UDP port 53 (DNS): AP Discovery

      – UDP port 69 (TFTP): Firmware

      – TCP port 28000: Secure TLS RFIDS Channel

      – TCP port 80 (HTTP): Required for Web Auth and/or BlueProtect

      – TCP port 443 (HTTPS): Required for Web Auth and/or BlueProtect

      – UDP port 1812 (RADIUS): Internal 802.1x Authentication

       

      Even tried all protocol/all ports

       

      Still no luck.

       

      The BSAP status LED is blinking (looks orange to me).

      Ethernet blinking

      No radio LEDs lit

       

      The BSAP does not appear to be rebooting every 3 minutes.

      I have a console connection to the AP.

        • Re: BSAP firewall config
          knevyn New Member

          permit tcp any  host x.x.x.x.169 eq 28000   log

          should be

          permit tcp any  host x.x.x.x eq 28000   log

          (169 was the last octet)

            • Re: BSAP firewall config
              erik Employee

              @knevyn,

               

              Are you connecting your BSAPs to the vWLAN or BSC architecture? And what form of AP Discovery are you using - e.g., DNS, DHCP option 43, or static?

               

              Thank you,

              Erik

                • Re: BSAP firewall config
                  knevyn New Member

                  I'm connecting the BSAPs to a cable DSL network, separate from our internal network where the vWLAN is. I have the vWLAN NATed out the firewall. I can connect to the vWLAN web interface through the cable DSL. So I believe I've got the ports open correctly.

                   

                  I'm using static for the BSAPs outside the firewall. I set the mode to static, then enter the controller's IP address, save, and reboot.

                    • Re: BSAP firewall config
                      erik Employee

                      @knevyn

                       

                      Okay, thank you. The issue is likely with the vWLAN being NATed. At present, remote BSAPs cannot discover a vWLAN residing behind a NAT even if port forwarding is configured for the necessary services. A feature request has been submitted to support this setup and our product management team is working to prioritize it on the roadmap. For now, would it be possible within your network design to assign the vWLAN a routable IP address - perhaps something on the DMZ?

                       

                      Thanks again,

                      Erik