In the previous labs in this series, we started with a basic NAT configuration - while this allows for outbound connections, and connections to services from devices also behind the same CBRS gateway/CPE, we also want to be able to connect to services behind CBRS from the rest of the corporate network.
To achieve access to our camera service behind CBRS from the corporate network, to the basic NAT configuration, we added to the CPE a DHCP reservation and port forwarding. On the Celona side, we added an External IP Domain to forward DHCP requests to an upstream DHCP server and Device Group to determine which SIMs are part of the topology.
What if we do not want to access services with non-standard ports for port forwarding? For example in addition to port 554 for RTSP, what about using 555 and 556 (for possibly 2 more camera devices behind the same CPE)?
What if the use case requires 1 CPE per service? For example, 1 camera per CPE?
A Celona network can utilize the IP Passthrough capability of some CPEs in this case. IP Passthrough disables the NAT and DHCP functionality of the CPE and assigns the device behind the CPE an address from a DHCP server that is on the corporate side of the Celona Edge.
In our lab topology, above, this upstream DHCP server is 192.168.4.1.
Configuring Cradlepoint R500 for IP Passthrough
We found that in contrast to NAT mode, for IP Passthrough vs NAT, that the WAN Management Connection State needs to NOT be Aways On and reverted to Connect as needed.
To configure IP Passthrough, navigate to Local Networks > Local IP Networks.
Edit Primary LAN, enable IP Passthrough and set Subnet Selection Mode to Automatically Create Subnet. Important: Enable
Always Proxy ARP.
Celona configuration for IP Passthrough
We utilized the same External IP Domain (from Edge context) and Device Group definitions as in the previous lab that used NAT instead of IP Passthrough.
At this point, you can connect to the camera in the same way that you did in NAT (192.168.4.67). The difference now is that the CPE can only manage 1 device in IP Passthrough and that the service (camera in this case) is given the IP address by the DHCP server via the CPE.