MSM7xx Controllers Configuration Guide v6.4.0
Traffic forwarding (dnat-server)
This keyword defines the external server to which the controller will forward traffic when an access
list rule with the DNAT-SERVER action matches incoming traffic.
NOTE: SSL traffic cannot be forwarded, as this breaks SSL security during connection negotiation,
resulting in the connection not being established.
Two external servers can be defined with this keyword. A status polling mechanism is available
that enables the controller to determine the status of the external servers and forward traffic to the
one that is operational. To activate the polling mechanism, see Multiple DNAT servers below.
This keyword can be defined directly on the controller or in the controller RADIUS profile.
Syntax
dnat-server=listname, hostname, port [, hostname2, port2 ]
Where:
Parameter: Description
listname: Specify the name of an access list definition that has its action set to DNAT-SERVER.
hostname: Specify the IP address or domain name of the primary server to which traffic will be redirected. Maximum length is 253 characters. If polling is not enabled, traffic is always sent to this server, even if it is down.
port: Specify the port on the primary server to which traffic will be redirected. Range: 1 to 65535.
hostname2: Specify the IP address or domain name of the secondary server to which traffic will be redirected. Maximum length is 253 characters. Traffic will only be sent to the secondary server if polling is enabled and the primary server is down. See “Multiple DNAT servers” (page 482).
port2: Specify the port on the secondary server to which traffic will be redirected. Range: 1 to 65535.
Example
The following creates an access list called redirect which is used to redirect HTTP traffic for
authenticated users to server1.mycompany.com on port 8080.
The following entry is added to the local profile for the controller:
access-list=redirect,DNAT-SERVER,tcp,all,80
dnat-server=redirect,srv1.mycompany.com,8080
Multiple DNAT servers
The dnat-server keyword supports the definition of two external servers. To make use of these
servers a polling mechanism is provided. Two keywords are available to activate and configure
the polling mechanism.
Syntax
primary-dnat-server-status-url=listname, URL_of_page
secondary-dnat-server-status-url=listname, URL_of_page
Where:
Parameter: Description
listname: Specify the name of an access list definition that has its action set to DNAT-SERVER.
URL_of_page: Specify the URL that points to a status file on the Web server. Use HTTP or HTTPS with a port number if required.
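The constraints in the two syntax tables above can be checked before a profile is deployed. The linter below is an added example, not code from the guide or the controller software; lint_profile, SAMPLE_PROFILE and the example.com names are constructed. It assumes the access-list field order shown in the guide's single example, that a match on port 443 indicates SSL, and that polling counts as configured once either status-url keyword names the list.

```python
# Added example: lint a controller profile for dnat-server mistakes.
# SAMPLE_PROFILE is constructed; host names are placeholders.
SAMPLE_PROFILE = """\
access-list=redirect,DNAT-SERVER,tcp,all,80
dnat-server=redirect,srv1.example.com,8080,srv2.example.com,8080
access-list=secure,DNAT-SERVER,tcp,all,443
dnat-server=secure,srv1.example.com,70000
dnat-server=missing,srv1.example.com,8080
"""
STATUS_KEYS = ("primary-dnat-server-status-url", "secondary-dnat-server-status-url")

def lint_profile(text):
    """Return a list of (line_number, message) findings."""
    acls, polled, dnat, findings = {}, set(), [], []
    for n, line in enumerate(text.splitlines(), 1):
        key, _, value = line.partition("=")
        key, fields = key.strip(), [f.strip() for f in value.split(",")]
        if key == "access-list" and len(fields) >= 2:
            # Assumption from the guide's one example: name, action, ..., port.
            acls[fields[0]] = (fields[1].upper(), fields[-1])
        elif key in STATUS_KEYS:
            polled.add(fields[0])
        elif key == "dnat-server":
            dnat.append((n, fields))
    for n, f in dnat:
        if len(f) not in (3, 5):
            findings.append((n, "expected listname,hostname,port[,hostname2,port2]"))
            continue
        action, acl_port = acls.get(f[0], (None, None))
        if action != "DNAT-SERVER":
            findings.append((n, f"list '{f[0]}' has no access-list with action DNAT-SERVER"))
        elif acl_port == "443":
            # Heuristic (assumption): port 443 carries SSL, which cannot be forwarded.
            findings.append((n, f"list '{f[0]}' matches port 443; SSL traffic cannot be forwarded"))
        for host, port in zip(f[1::2], f[2::2]):
            if not 1 <= len(host) <= 253:
                findings.append((n, "hostname must be 1 to 253 characters"))
            if not (port.isdecimal() and 1 <= int(port) <= 65535):
                findings.append((n, f"port '{port}' outside 1 to 65535"))
        if len(f) == 5 and f[0] not in polled:
            findings.append((n, "secondary server defined but polling not configured; "
                                "traffic always goes to the primary, even if it is down"))
    return findings

if __name__ == "__main__":
    for n, msg in lint_profile(SAMPLE_PROFILE):
        print(f"line {n}: {msg}")
```

The third finding class is the one most likely to go unnoticed in production: a secondary server that is listed but never used because no status URL was configured.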
The status file must contain the following code:
482 Working with RADIUS attributes










