In the previous lab in this series, we created a simple client NAT configuration with the Amit Wireless IDG500-C6012 CPE connecting via CBRS to a Celona indoor access point. The basic NAT configuration does not allow for connections originating outside of the CBRS network to connect to services within the CBRS network.
In this lab, we will modify the basic NAT configuration to connect to a camera service inside the CBRS network.
(added) Netgear GS308 8-port gigabit ethernet switch
(added) Wisenet PNM-9085RQZ camera (with PoE injector)
Apple Macbook laptop with USB-C to ethernet converter
Amit Wireless IDG500-C6012 CPE
We will make the following configuration changes for a NAT topology to allow access to the camera:
CPE
DHCP IP address reservation for the camera
port forwarding of TCP 80 and RTSP at TCP/UDP 554 to the camera IP address
Celona
Edge context: External IP domain to corporate DHCP server
Device Group: add a device group to associate specific SIMs with this deployment
IDG500-C6012: Reserve a DHCP IP address for the camera
As we will be configuring port forwarding to the camera's web service and RTSP service, we should have the CPE DHCP server assign a consistent, predictable IP address to the camera. Obtain the MAC address (e.g. from a label printed on the camera) and set the IP address - in our lab we set the camera address to 192.168.123.100
.
IDG500-C6012: Configure port forwarding to the camera services
In the port forwarding configuration of the IDG500, we set port forwarding rules to the camera web service at TCP port 80, and RTSP at TCP/UDP port 554. Note: To setup additional cameras behind this same CPE, you can have additional unique inbound ports (e.g. 556, 557) from the corporate side of the network to connect to multiple port 554 and IP address camera combinations.
With this configuration, we can now connect to the camera from the Macbook on the same side of the network, behind the same CBRS CPE. We cannot connect to the camera from the corporate side of the network because the CPE has the Celona Edge DHCP assigned IP address of 12.1.1.33, which is unroutable from the corporate side of the network.
To remedy this, we need to configure 2 options in Celona:
External IP Domain
Device Group
Celona: (Edge context) Configure an External IP domain
The External IP Domain tells the Celona Edge to bypass its DHCP IP address assignment of CBSDs, and instead forward DHCP requests to an upstream DHCP server. In our lab, we configured the External IP address domain (the Netgear Nighthawk M1 router with AT&T SIM).
Celona: Configure a Device Group to associate SIMs
We now need to tell Celona which SIMs will be utilizing this External IP Domain. In the Device Group page, we configure a Device Group with the SIM for the IDG500.
With the IDG500 and Celona configurations complete, we now have this updated topology:
Verify the following connection methods to the camera (using a web browser for the camera web service at port 80 or RTSP at port 554):
From the Macbook at 192.168.123.199 to 192.168.123.100
From the Macbook at 192.168.123.199 to 192.168.4.67
From the Macbook at 192.168.4.62 to 192.168.4.67