Is it possible to monitor these APs eventhough they are not in one network?

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Is it possible to monitor these APs eventhough they are not in one network? Could it possible to connect to the controller without using VPN?
Photo of Carlo Alviar

Carlo Alviar

  • 680 Points 500 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
Ummm... This post doesn't make any sense.. .. If you are asking if it is possible..  sure...  static set controller IP with port forwarding with a public IP... cake.... Or just put an interface on the DMZ and do it that way.  Otherwise you could just monitor the AP via PING with Nagios, Cacti, PRTG, Observium, LibreNMS, SmokePING.. etc...
Photo of Carlo Alviar

Carlo Alviar

  • 680 Points 500 badge 2x thumb
Thanks for the response what the end user wants is that the controller could still get i formation from a remote AP. Eventhough its working on B@AP locally from a remote site.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,286 Points 20k badge 2x thumb
There is one big limitation if you've the controller/AP behind a firewall with port forwarding = the software upgrade of the APs is not supported/working.

Yes you could do it... but it makes no sense in a real production deployment.
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb
Unfortunately this is *still* the case with firmware release 10.11.01.0210. I know from experience, because let's just say, "mistakes were made". :-) I am hoping Extreme will fix this some day. It's no trouble all for me to configure an TFTP connection with my public IP. It just doesn't work. Also, having an AP stuck in a boot loop is impossible to fix remotely!
Photo of Carlo Alviar

Carlo Alviar

  • 680 Points 500 badge 2x thumb
What fo i need to do with the controller to gain access to the remote AP?
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,286 Points 20k badge 2x thumb
I'm sorry but could you please be more precise - I don't unterstand the question.
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb
Hello Carlo,
You need to:
  1. Create a NAT translation / access rule on your firewall to allow UDP traffic from a public IP address to your controller's IP address. For security you should only allow connections from your remote sites (assuming those remote sites have a static IP address).
  2. Plug in your access point at your main site and let it connect to the controller. This will allow it to show up in the AP list so you can change settings. It will also get the newest firmware. As Ron mentioned - you cannot upgrade the AP remotely. It will fail. And whenever you upgrade your controller(s) - you must first pre-load the firmware to those remote AP's before rebooting the controller with the new firmware.
  3. Configure the controller's IP address on the AP to be the public IP you assigned.
  4. Plug in the AP at the site, connect to it with ssh, and manually set the controller IP to the public IP you assigned. Once it connects, it should retain that IP since you configured it in step #3.
That's a lot of steps and may create a lot more questions. You may want to check out this post.

Hopefully that gives you some idea of how things would work.