Frequent Contributor I

User based NAT

Hi Guys,

I read all NAT-related posts in the forum and I tried a lot, but I cannot get it working.

I have a local controller in a branch office.

The controller has three VLANs:

VLAN1 10.10.56.0/22 => Management

VLAN2 192.168.1.0/22 => Wired Network with Internet access GW: .1.1

VLAN20 172.5.1.0/24 => Wireless Clients

I want to do NAT for all clients in VLAN 20.

All VLANs have IP addresses on their VLAN interfaces.

I don't want general connectivity between those VLANs, so I created a user role:

user permit any any source nat

to NAT all traffic from VLAN 20.

This simple config is not working at all. The first step is to ping the gateway of VLAN 2, but the ping is not responding.

During my research some questions came up:

1. Do I have to configure a NAT pool and link it in the user policy? (I want to PAT all wireless clients to 1 IP address of VLAN 2.)

2. Do I have to configure ip-routing on the VLAN interfaces (NATting should be done by the user role)?

3. Is there a way to troubleshoot or debug this NAT setup?

4. Is there a way to create user-based routing tables?

Thanks in advance!!!!

Frequent Contributor I

Re: User based NAT

Check the “nat inside” and “inter vlan routing” in the VLAN configuration without other config; test first with only wired trusted clients.

Ricardo Luis Cañavate García - ACMP / ACCA / ACCP / ACDX#972
New Contributor

Re: User based NAT

Hello bro,

Can you please help me with my queries? All are mentioned below.

1) I am using HP VAN 2.5.11 on Ubuntu 14.04. The app store option on my HP VAN controller is not working; how can I resolve this issue?

2) What commands should I use on the controller so that the users that are connected by Open Virtual Switch can access the internet? I mean, how do I enable NAT or PAT?

2) How can I define 2 networks in a single controller?

3) How can I block any packet between 2 users of the same network? I mean, I want one user to be able to use FTP but not ping that IP. Which app should I use, and where do I get that app?


CAÑA wrote:
Check the “nat inside” and “inter vlan routing” in the vlan configuration without other config, test first only wired trusted clients

 
