ExtremeCloud IQ Controller supports External Network Address Translation (NAT),
providing a secure means for remote users to access a campus network.
Configure a single address as an intermediary between the public internet and your
private campus network. NAT improves network security by controlling access to the
public network.
When deploying ExtremeCloud IQ Controller on a private network behind NAT,
configure the network as follows:
Configure two external internet connections for high availability and identify the IP address of each connection.
On each ExtremeCloud IQ Controller, configure a physical or Bridged@AC VLAN with Device Registration enabled. The VLAN has an internal IP address.
On each NAT device, configure a port mapping from external port 4500 to the IP address of ExtremeCloud IQ Controller (physical or Bridged@AC VLAN, port 4500).
On each ExtremeCloud IQ Controller, configure the external NAT IP address.
To configure the external NAT IP address on ExtremeCloud IQ Controller:
Go to Administration > System > Settings.
Scroll down to the External NAT pane.
Enter the IP address of the NAT device on the public internet.
Select Save.
This feature is supported in a high availability pair, but the External NAT IP
address configuration is specific to each controller. The settings are not
synchronized in a high availability pair.
Note
The high availability failover list is limited to four IP addresses. The
external IP address counts as one address in the failover list; therefore, only
three topologies with device registration enabled are supported. If you have
four VLANs with device registration enabled, ExtremeCloud IQ Controller will not
configure the external NAT IP address. Similarly, when an external NAT IP
address is configured, you cannot enable device registration on a fourth VLAN.
The update is refused.
All ExtremeWireless access points that are supported by ExtremeCloud IQ
Controller support External NAT.