instead of putting public IP in the AP is it possible to use domain name instead?

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
We are currently deploying b@AP for our remote sites. For us to be able to communicate or control the EWC in the head office we installed an authentication IP in the remote AP with this command:

cset authipaddr 1 122.X.X.X
capply
csave
reboot

We could now access the controller because of this but when we check the AP availability in the reports we cant see that the remote AP is available. What do we need to do for us to able to see the remote AP in the HO controller? And instead of "Authentication IP" could we put domain name inside the remote AP running on b@AP for future configurations of remote APs.
Photo of Carlo Alviar

Carlo Alviar

  • 680 Points 500 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Craig Guilmette

Craig Guilmette, Employee

  • 2,670 Points 2k badge 2x thumb
Hello Carlo

Yes if you populate the domain name in your dhcp scope and add an A record in your DNS server for controller.yourdomain the AP's will reach out to the DNS server to find the IP address of the wireless controller to connect to. If these AP's are remote from the controller make sure the default route is populated in the controller GUI under Network. Without that the controller doesn't know where to go to get back to the AP's. Make sure ports 13907 and 13910 are open through all firewalls and make sure the MTU of 1500 works between locations. 
(Edited)
Photo of Carlo Alviar

Carlo Alviar

  • 680 Points 500 badge 2x thumb
Hi,

Do you have a steps that i could follow in doing this?
Photo of Vellachery, Sumeesh

Vellachery, Sumeesh, Employee

  • 3,288 Points 3k badge 2x thumb
Carlo,

Hope the below-mentioned KB Articles would be helpful for you.

1) Configure an AP to find the IdentiFi Wireless Controller from a DNS server entry:-
https://gtacknowledge.extremenetworks.com/articles/How_To/How-To-Configure-an-AP-to-find-the-IdentiF...

2) Configure the default route:-
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-the-default-route-on-the-...

3) Ensure that the below-mentioned tcp/udp ports used between IdentiFi Wireless Controller and AP's aren't blocked:-
https://gtacknowledge.extremenetworks.com/articles/Q_A/What-are-the-tcp-udp-ports-used-between-Ident...


Photo of Carlo Alviar

Carlo Alviar

  • 680 Points 500 badge 2x thumb
Hi i followed the step of putting the IP in the routing protocols but its giving me this prompt (please see attached image)


What could be the reason why im encountering this? And by the way this GW is assigned for the controller's management port which can be accessed.
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,588 Points 5k badge 2x thumb
Carlo

You can't have 2 default routes, either use a more explicit route to the destination or remove the other default route (via 192.168.1.3)

-Gareth
Photo of Carlo Alviar

Carlo Alviar

  • 680 Points 500 badge 2x thumb
Hi Gareth,

I already deleted the 192.168.1.3 IP in the route and added a new one with the 172.22.1.10 which is the management IP of the controller which is connected directly to the internet but its prompting the same error.
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,588 Points 5k badge 2x thumb
Carlo

I'd suggest you open a case and provide GTAC with a "tech-support all" so we can look at your entire config and logs.

-Gareth
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,894 Points 20k badge 2x thumb
What I've seen in your other post the 172.22.1.10 IP is set on the Admin/Mgmt port.

You shouldn't use the Admin port at all after the initial configuration via that port.
Instead use a ESA port and enable "Managment Traffic" to get GUI access (set the checkmark).

The reason for the error message is that you'd set the default GW for the admin/mgmt port only in the GUI section > Controller > Host Attributes > Default Gateway IP

But as I've mentioned turn it off and use the ESA port instead.

https://gtacknowledge.extremenetworks.com/articles/Q_A/Should-the-Admin-port-on-an-IdentiFi-wireless...