ACS through NAT?

Jim-IFN · March 18, 2022, 12:01am

Hello all:

Most of my routers have public IPs, but some are behind NAT. As our own IP space dwindles, we are looking at using CG-NAT for some customers. Also, we occasionally sell a router to a customer on a different ISP that does use CG-NAT, and we have no access / way into their IP space.

I understand not being able to push settings out to the router, but it seems that I can’t even queue them if the connection isn’t publicly reachable. I’d think that at a minimum, I’d be able to queue my changes for the next time the router checks in… I would have expected that through the UI, when I queue changes, I wouldn’t have to hit commit, and they would be processed on next check-in, but it doesn’t appear that is the case.

However, I’m also confused by the fact that the router shows as “online” which leads me to believe there is an open connection between the router and the GenieACS server. If so, why can’t the GenieACS server just use this established connection to send a “please check in now” and have it process its queue then? It was my understanding that this is how TR-069 normally works…It just doesn’t if the router is behind NAT.

JonasGhost · March 18, 2022, 6:38am

This is only possible over the API.

CTC · March 18, 2022, 5:47pm

Hi Jim

to my knowledges then you need to use the API in order to queue tasks and not run them as connections requests.
then the next time the device connects to the acs, which depends on the PeriodicInformInterval that you have set, it will get the jobs in the queue

the online status is also based on the PeriodicInformInterval and Lastinform

rudymartin · March 18, 2022, 6:14pm

IMHO what the word online really means is the CPE have been connected to the ACS for the last few minutes (by default the config page have it set on 5 minutes, me thinks). The details page of the CPE show the ping latency, which should be unreachable if the CPE is behind a NAT.

our solution was to use a VLAN for ACS only with no internet access, and the ACS itself is on the same network with no internet access.

ASHISH · July 19, 2023, 5:17pm

i am new to GenieACS
i need help in VLAN for ACS, how it work, like you said “VLAN for ACS only with no internet access, and the ACS itself is on the same network with no internet access.”

Actually we are small isp in our area, and all of our users are behind NAT.

Topic		Replies	Views
MAC 00:00:00:00:00:00 and offline	1	356	August 29, 2022
CPE does not connect to ACS server	8	3641	October 3, 2022
Pinging Error! TP-Link	8	1749	March 25, 2024
Some Questions about GenieACS capabilities	4	1862	November 13, 2020
Add CPEs to ACS	7	952	January 12, 2024

ACS through NAT?

Related topics