How does IP nat inside work on Aruba? 

Jul 03, 2014 06:02 PM

IP NAT is used in networks for the following purposes:

1. Save address space.
2. Hide internal addresses for security.

Aruba is usually deployed at the edge of the network, so we can always use private IP addresses and NAT them at a router or the firewall.

Aruba also has a built-in policy-enforcement firewall function, so it does not need to hide the IP addresses of the wireless clients for security.

 

 

In Aruba, ip nat inside is used so that user traffic takes the IP address of the controller VLAN, which means no new routes for the user VLAN need to be added to the existing wired network.

 

 

Environment: This article applies to all Aruba controllers and OS versions.

 

 

We have a controller with two VLANs.

Vlan 1 <=====> 10.1.1.1 /24 <======> g0/0

Vlan 2 <=====> 10.1.2.1 /24 <======> g0/0

Vlan 3 <=====> 10.1.3.1 /24 <======> g0/0

 

# config t
# int vlan 2
# ip nat inside

 

We have enabled ip nat inside on VLAN 2.

Now, when a packet arrives at the controller on VLAN 2, the controller checks whether it is to be routed or switched. If the destination is in the same VLAN, the packet is switched; otherwise it is routed.

If it is routed, it is sent out of a VLAN chosen according to the routing table. Since ip nat inside is enabled on the source VLAN, the packet takes the source IP of the exiting VLAN when it leaves the controller.

Thus a ping from 10.1.3.2 to 10.1.1.2 is not NATted (as IP NAT is not being done on the source VLAN).
However, a ping from 10.1.2.2 to 10.1.1.2 will be source NATted to the IP address of the VLAN, i.e. 10.1.1.1.
 
If the frame is not being received on the other end, verify whether it is being dropped by an ACL or whether IP routing is disabled on the VLAN.
