ArubaOS and Controllers

Occasional Contributor II
Posts: 12
Registered: ‎04-13-2010

source NAT problem

I'm running AOS 3.4.1.1 on a 6000 controller. Multiple VLANs are configured on the controller; source NAT is enabled for VLAN 99:
!
interface vlan 99
ip address 10.17.99.2 255.255.255.0
ip nat inside
!

When a wireless host on this VLAN pings a wired host on another subnet I would expect the source IP to always be the same, in this case the loopback address of the controller, which is configured this way:
!
interface loopback
ip address 10.35.98.3
!

(Controller master IP is not configured.)


But, the source IP address keeps changing if wireless hosts on this VLAN communicate with hosts on other subnets in the wired network:

For example:
- source IP is 10.35.98.2 when pinging a host on subnet 10.3.0.0/16;
- source IP is 10.10.98.3 when pinging a host on subnet 10.10.0.0/16;
- source IP is 10.35.98.3 when going out to the Internet.

There must be an error in my config somewhere, but I haven't been able to find it. :(
Here are some snippets of my config that I figured are relevant to this issue; I'll gladly post more if needed:


The Aruba controller is connected to my core switch via Port 2/25:
!
interface gigabitethernet 2/25
description "gig2/25"
trusted
trusted vlan 1,98,110,130,135
switchport mode trunk
switchport access vlan 135
switchport trunk native vlan 135
switchport trunk allowed vlan 1,110,130,135
!

The virtual interfaces are configured this way:

interface vlan 99
ip address 10.17.99.2 255.255.255.0
ip nat inside
!

interface vlan 110
ip address 10.10.98.3 255.255.0.0
ip helper-address 10.3.1.1
operstate up
!

interface vlan 130
ip address 10.30.98.3 255.255.0.0
ip helper-address 10.3.1.1
operstate up
!

interface vlan 135
ip address 10.35.98.2 255.255.0.0
operstate up
!

What do I need to change to have the source IP from hosts in VLAN 99 always be 10.35.98.3?


Thanks in advance for any insight,
-Dan
Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Default Gateway of the clients on VLAN 99

What is the default gateway of the clients on VLAN 99? If it is not an IP interface on the controller, it will not source NAT properly. If the default gateway of the client on that subnet is the Aruba Controller, the source address should be the egress interface of the Aruba Controller.


Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 12
Registered: ‎04-13-2010

Default Gateway of the clients on VLAN 99

Default gateway of the clients on VLAN 99 is 10.17.99.2.
Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Route

If the routes to those networks all go through different interfaces on the controller, the source IP address will be different... Is that the case, or do they all take the same logical exit through the controller if you go to 10.3.x.x and 10.10.x.x? If they take different routes, the source IP, being the egress interface, will be different.


Colin Joseph
Aruba Customer Engineering
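
The egress-interface behaviour described in the reply above, modelled as an added example (not part of the original thread and not Aruba's code): it does a longest-prefix route lookup over the VLAN interfaces posted in the thread and returns the interface address that would become the NAT source. The routing table is not shown in the thread, so the static route for 10.3.0.0/16 and its next hop 10.35.0.1 are assumptions, as are the function names and the sample destinations other than 10.3.1.1.

```python
import ipaddress

# Interface addresses copied from the config posted in the thread.
INTERFACES = {
    "vlan 99": ipaddress.ip_interface("10.17.99.2/24"),
    "vlan 110": ipaddress.ip_interface("10.10.98.3/16"),
    "vlan 130": ipaddress.ip_interface("10.30.98.3/16"),
    "vlan 135": ipaddress.ip_interface("10.35.98.2/16"),
}

# ASSUMPTION: the thread does not show the routing table. This route and its
# next hop are constructed so that 10.3.0.0/16 leaves via VLAN 135, which is
# what the observed source address 10.35.98.2 implies.
STATIC_ROUTES = [
    (ipaddress.ip_network("10.3.0.0/16"), ipaddress.ip_address("10.35.0.1")),
]


def egress_interface(dst, depth=0):
    """Return the VLAN interface a packet to dst leaves through, or None."""
    dst = ipaddress.ip_address(dst)
    # Connected subnets carry an interface name; static routes carry a next hop.
    routes = [(i.network, name, None) for name, i in INTERFACES.items()]
    routes += [(net, None, hop) for net, hop in STATIC_ROUTES]
    matches = [r for r in routes if dst in r[0]]
    if not matches or depth > 4:  # no route, or a next-hop loop
        return None
    # Longest prefix wins; a static route is resolved through its next hop.
    _, name, hop = max(matches, key=lambda r: r[0].prefixlen)
    return name if name else egress_interface(hop, depth + 1)


def predicted_nat_source(dst):
    """Address 'ip nat inside' traffic is translated to: the egress interface IP."""
    name = egress_interface(dst)
    return str(INTERFACES[name].ip) if name else None


if __name__ == "__main__":
    # 10.3.1.1 appears in the posted config; the other two are constructed.
    for dst in ("10.3.1.1", "10.10.5.20", "10.30.0.9"):
        print(f"{dst:<12} leaves via {egress_interface(dst):<9}"
              f" NAT source {predicted_nat_source(dst)}")
```

The model has no default route, so it makes no prediction for Internet-bound traffic.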


Occasional Contributor II
Posts: 12
Registered: ‎04-13-2010

Route

There's only one controller uplink to my L3 core switch:

!
interface gigabitethernet 2/25
description "gig2/25"
trusted
trusted vlan 1,98,110,130,135
switchport mode trunk
switchport access vlan 135
switchport trunk native vlan 135
switchport trunk allowed vlan 1,110,130,135
!