
SZ NAT Design - Can some APs use internal IP while others use External NAT IP?

Contributor II

I've been following the old Smartzone Network-Design-with-NAT guide and something I'm trying to wrap my head around is the AP Connection behaviour when both internal and NAT addresses are reachable.

Preferably, we'd like to have new APs, out of the box, reach out over the public internet to download firmware and initial configurations. Their Zone/APGroup config should inform them to switch management to another VLAN which has access to the internal IPs of the SZs in the cluster.

Is this possible?


RUCKUS Team Member

Hi Greg,

Yes, you can use both. Just ensure that the APs can reach the necessary ports to connect and download firmware using the NAT IP. Once the AP connects to the SZ, it will obtain the NAT and internal SZ IP. So moving them to another VLAN would not be an issue. If you are using a three-interface setup, note that the NAT IP should NAT the control plane SZ IP.

Also, be aware that if you move the management VLAN of the AP in their configuration, you will also have to change it on the switch port. Otherwise, the AP may not get network connectivity, as it will use one untagged VLAN while the switch port has another untagged VLAN configured.

Bruno Andrade | Principal TSE Bulldog Americas | RCNA | CWNA | CWDP
Follow me on LinkedIn

Thanks Bruno!
Does the AP always try to reach the internal IP first, then fall back on the NAT IP?  Or is this behaviour configurable?