firewall rule to allow SNMP traffic

Here is my situation: I have a private network at a hotel with five access points covering the property, all RB CRD, wired back to an RB 450 used as my gateway and Hotspot server. Right now I am able to receive SNMP trap info from the gateway just fine, but not from the access points. I have SNMP enabled on the APs, but to my thinking I need to set up a rule on the gateway to allow the APs to be polled from my SNMP server. Is this correct? If so, what is the rule that needs to be in place for ports 161 and 162?

I’m sure it’s just a firewall rule, just not sure what will allow the traffic to pass to my SNMP server.

Thanks

schiele -

How do you plan to reach the 5 APs? Do they have a public IP address?

If not, then there are a couple of possibilities. You could have a VPN connection from your SNMP server to the Hotspot controller; that would give it ‘local’ access to the 5 APs through the Hotspot controller’s LAN IP address space.

Barring that approach, it may be possible to use dst-nat to take a query arriving at the public IP of the Hotspot controller on a different port (just picking random ports here, 1601 and 1602) and dst-nat it to AP1 on ports 161-162. Do the same for the rest of the APs, just picking different ports, e.g. 1603 and 1604 for AP2, etc. Of course this depends on whether or not your SNMP server will let you use different destination ports to get SNMP info…

R/
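The dst-nat approach from the reply above, as an added RouterOS configuration example that is not part of the original thread. It assumes documentation-range addresses: 203.0.113.10 is the public IP on ether1 of the RB450 gateway/Hotspot controller, 198.51.100.20 is the WhatsUp Gold SNMP server, and AP1/AP2 sit on the LAN at 10.0.0.11/10.0.0.12. Only UDP/161 (polling) needs an inbound dst-nat; traps on UDP/162 are sent by the AP to the server and leave through the gateway’s existing srcnat like any other outbound traffic. Syntax is RouterOS 6; parameter names may differ on other versions.

```routeros
# Added example, not from the thread. Assumed (documentation-range) addresses:
#   203.0.113.10  = public IP on ether1 of the RB450 gateway/Hotspot controller
#   198.51.100.20 = WhatsUp Gold SNMP server
#   10.0.0.11/12  = AP1 and AP2 on the controller's LAN
# RouterOS 6 syntax; verify parameter names on your version.

# --- on the RB450 gateway ---
# One external UDP port per AP, translated to UDP/161 on that AP.
# src-address limits the translation to the SNMP server; SNMPv2c community
# strings travel in cleartext, so do not expose 161 to the whole Internet.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=udp dst-address=203.0.113.10 \
    dst-port=1601 src-address=198.51.100.20 action=dst-nat \
    to-addresses=10.0.0.11 to-ports=161 comment="SNMP poll -> AP1"
add chain=dstnat in-interface=ether1 protocol=udp dst-address=203.0.113.10 \
    dst-port=1603 src-address=198.51.100.20 action=dst-nat \
    to-addresses=10.0.0.12 to-ports=161 comment="SNMP poll -> AP2"

# Let the translated packets through the forward chain (dst-nat happens before
# forward, so match the AP address). Put this above any generic drop rule.
/ip firewall filter
add chain=forward protocol=udp src-address=198.51.100.20 \
    dst-address=10.0.0.0/24 dst-port=161 action=accept comment="SNMP to APs"

# If the APs hang off the Hotspot interface, the Hotspot treats them as
# unauthenticated clients and intercepts their traffic (including traps
# to UDP/162). Exempt the AP addresses from the Hotspot:
/ip hotspot ip-binding
add address=10.0.0.11 type=bypassed comment="AP1"
add address=10.0.0.12 type=bypassed comment="AP2"

# --- on each AP (shown for AP1) ---
# Answer polls only from the SNMP server, and send traps to it on UDP/162.
/snmp community set [find default=yes] name=<new-community> \
    addresses=198.51.100.20/32
/snmp set enabled=yes trap-target=198.51.100.20 \
    trap-community=<new-community> trap-version=2
```

To check the gateway side, poll from the server with the alternate port (for example `snmpwalk -v2c -c <new-community> 203.0.113.10:1601 system`, using net-snmp’s host:port syntax) and watch the counters on the two dst-nat rules; if the counters move but no reply comes back, the forward rule or the AP’s community address list is the usual culprit.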

Thanks for the response, Sir. I have tried the VPN approach on one site and it works well; however, I am just wondering if this will work across multiple sites, with a different public IP at each site. The internal IP range is the same for all sites, however. Will this confuse the SNMP server at all? I am not sure, then, whether the VPN solution will work for this type of monitoring.

I am using ‘WhatsUp Gold’ v11 as the SNMP server. I am not sure if I can do the destination-port procedure you suggested, or whether WhatsUp Gold can work in this way. Any other suggestions?

Thanks

schiele -
Well sir you sure know how to make it interesting… :slight_smile:

I do not believe that WhatsUp Gold will allow different ports for SNMP.

Since you do not have multiple public IP addresses, you’ll need to pursue the VPN route. To do that, though, you will have to make different IP or VPN networks at your various locations. It is possible to add an IP range outside what your Hotspot networks normally use, and then have a different network for each Hotspot location. No need for NAT’ing, as these IPs will only be used via the VPN.

Let’s just say all of your Hotspots use 10.0.0.0/24 as the LAN IP network. You could add, say, 172.16.0.1/24 to the Hotspot controller, and then a respective IP for each Hotspot AP. At your next location use 172.17.0.1/24, add the IPs to the Hotspot APs, and so on.

Now your VPN connections can have IPs in the ‘new’ private IP block on the LAN side of your various Hotspot controllers, and WhatsUp Gold won’t get confused. You can have several VPN connections FROM your Hotspot controller locations to a central VPN server. You may have to add a few routes, but it is a relatively easy setup, especially since you have already done one VPN. You may also be able to do this in reverse: all VPN connections started from your main co-lo, where the WhatsUp Gold server is located, to each Hotspot controller, instead of from each Hotspot controller as suggested.

Let us all know how this turns out!

R/
Thom
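The per-site management block plus VPN layout from the reply above, as an added RouterOS configuration example that is not part of the original thread. It assumes documentation-range addresses: every site keeps 10.0.0.0/24 as its Hotspot LAN (overlapping, as in the thread), site 1 gets 172.16.0.0/24 and site 2 gets 172.17.0.0/24 as management blocks, the WhatsUp Gold server is 192.0.2.20 behind a MikroTik VPN server at 192.0.2.1, and the tunnel is L2TP with IPsec (the thread names no tunnel type; any site-to-NOC tunnel works the same way). The LAN bridge interface name `bridge-lan` and the community/password placeholders are assumptions. Syntax is RouterOS 6.

```routeros
# Added example, not from the thread. Assumed (documentation-range) addressing:
#   every site's Hotspot LAN = 10.0.0.0/24 (overlapping between sites)
#   site 1 mgmt = 172.16.0.0/24, site 2 mgmt = 172.17.0.0/24
#   WhatsUp Gold server = 192.0.2.20, NOC VPN server public IP = 192.0.2.1
#   tunnel = L2TP/IPsec from each site controller to the NOC (an assumption)
# RouterOS 6 syntax; verify parameter names on your version.

# --- site 1 Hotspot controller (the RB450) ---
# A second address on the LAN bridge; the Hotspot on 10.0.0.0/24 is untouched.
/ip address add address=172.16.0.1/24 interface=bridge-lan comment="site1 mgmt"
/interface l2tp-client add name=l2tp-noc connect-to=192.0.2.1 user=site1 \
    password=<site1-secret> use-ipsec=yes ipsec-secret=<psk> disabled=no
# Send monitoring traffic to the NOC through the tunnel, sourced from the
# management address so the server always sees 172.16.0.x, never 10.0.0.x.
/ip route add dst-address=192.0.2.20/32 gateway=l2tp-noc pref-src=172.16.0.1
# Keep masquerade limited to the WAN port so tunnel traffic is not NAT'ed.
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
# The Hotspot would otherwise intercept the APs' management traffic.
/ip hotspot ip-binding add address=172.16.0.11 type=bypassed comment="AP1 mgmt"

# --- site 1 AP (repeat per AP with .12, .13, ...) ---
/ip address add address=172.16.0.11/24 interface=bridge comment="mgmt"
/ip route add dst-address=192.0.2.20/32 gateway=172.16.0.1
/snmp community set [find default=yes] name=<community> addresses=192.0.2.20/32
/snmp set enabled=yes trap-target=192.0.2.20 trap-community=<community> \
    trap-version=2

# --- site 2 ---
# Same lines as site 1 with 172.17.0.1/24 on the controller, 172.17.0.11/24
# on the first AP, and user=site2 on the L2TP client.

# --- NOC VPN server (assumed to be a MikroTik at 192.0.2.1) ---
/interface l2tp-server server set enabled=yes use-ipsec=yes ipsec-secret=<psk>
# 'routes' installs a route to that site's management block over its tunnel
# each time the site connects, so 172.16.0.11 and 172.17.0.11 are distinct
# hosts to WhatsUp Gold even though both sit behind a 10.0.0.0/24 LAN.
/ppp secret add name=site1 password=<site1-secret> service=l2tp \
    local-address=10.255.255.1 remote-address=10.255.255.11 routes="172.16.0.0/24"
/ppp secret add name=site2 password=<site2-secret> service=l2tp \
    local-address=10.255.255.1 remote-address=10.255.255.12 routes="172.17.0.0/24"
# Only SNMP and ping cross the tunnels; everything else from the sites is dropped.
/ip firewall filter
add chain=forward in-interface=all-ppp protocol=udp dst-port=161,162 action=accept
add chain=forward in-interface=all-ppp protocol=icmp action=accept
add chain=forward in-interface=all-ppp action=drop
```

The WhatsUp Gold host must route 172.16.0.0/24 and 172.17.0.0/24 to the VPN server (trivial if the VPN server is its default gateway). Because the management addresses are only reachable through the tunnels, the community string never crosses the public Internet in the clear, which is the main reason to prefer this layout over exposing 161 via dst-nat.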

:slight_smile: Your patience is greatly appreciated, sorry to make things confusing, I hope the image will make better sense of my exact layout for my sites.

I am trying to understand your suggestion; please bear with me, Sir. Here is the part of what you mentioned that I am not totally sure how to do:

“To do that though you will have to make different IP or VPN networks at your various locations. It is possible to add an IP range outside what your Hotspot networks use normally and then have a different network for each Hotspot location. No need for NAT’ing as these IPs will only be used via the VPN.”

Since my Hotspot server is on the gateway (the same MikroTik) at each location, what would be involved in doing what you suggested for applying an IP to the Hotspot controller?

Hope this makes sense; once again, thank you for your time on this.
[image attachment: sample site layout.jpg]