Q:
What is IP NAT Outside and how does it work on an Aruba Controller?
NAT Outside supports deployments where traffic from multiple internal networks needs to be NAT'ed when it is sent out. AOS currently supports the "ip nat inside" feature under the "interface vlan" tree, where traffic is NAT'ed with the desired IP address of the VLAN interface as the source address. While this feature works for traffic going out of the uplink VLAN interface, it causes unnecessary address translation for traffic that needs local routing: all non-public inter-VLAN communication is translated unnecessarily.
Solution:
From 6.4.4.0, this issue is addressed: only outbound traffic is NAT'ed, while locally routed traffic is sent without any address translation. This feature is applied on all public-facing egress VLAN interfaces. When applied, all outbound traffic is NAT'ed with the IP address of the VLAN interface as the source address. All non-public inter-VLAN communication that is routed locally remains unaffected.
CLI configuration:
interface vlan 200
    ip address 200.0.0.1 255.255.255.0
    ip nat outside
    operstate up
#show interface vlan 200
VLAN200 is up line protocol is up
MTU 1500 bytes
IP NAT Outside is enabled on this interface
Last clearing of "show interface" counters 0 day 21 hr 47 min 4 sec
link status last changed 0 day 21 hr 44 min 53 sec
Proxy Arp is disabled for the Interface
Auto Operstate up is enabled for this Interface
Tunnels Configured on this Interface:
Tunnel 0
#show datapath session (this command helps in getting statistics for session traffic).
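The translation behaviour described above, as an added example that is not Aruba code or part of the original article: a simplified Python model that parses "interface vlan" stanzas and reports which flows get source NAT under "ip nat inside" versus "ip nat outside". VLANs 10 and 20, their addresses, the sample flows, and the default route leaving through VLAN 200 are assumptions made for illustration.

```python
import ipaddress

def parse_vlans(config):
    """Map VLAN id -> {'ifc': IPv4Interface or None, 'nat': 'inside'/'outside'/None}."""
    vlans, cur = {}, None
    for words in (line.split() for line in config.splitlines()):
        if words[:2] == ["interface", "vlan"]:
            cur = vlans.setdefault(int(words[2]), {"ifc": None, "nat": None})
        elif cur is not None and words[:2] == ["ip", "address"]:
            cur["ifc"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif cur is not None and words[:2] == ["ip", "nat"]:
            cur["nat"] = words[2]
    return vlans

def vlan_for(addr, vlans, default=None):
    """VLAN whose subnet contains addr, else default."""
    ip = ipaddress.ip_address(addr)
    return next((v for v, d in vlans.items()
                 if d["ifc"] is not None and ip in d["ifc"].network), default)

def nat_decision(src, dst, vlans, uplink=200):
    """Return (rule, source_after) for a flow; rule is None when untranslated."""
    ingress = vlan_for(src, vlans)
    egress = vlan_for(dst, vlans, default=uplink)  # assumption: default route via uplink VLAN
    if ingress == egress:
        return None, src                           # same VLAN: not routed
    if vlans[egress]["nat"] == "outside":          # source becomes the egress VLAN interface IP
        return "ip nat outside", str(vlans[egress]["ifc"].ip)
    if ingress in vlans and vlans[ingress]["nat"] == "inside":
        return "ip nat inside", None               # translated; resulting address not modelled
    return None, src

# Constructed configs: VLAN 200 is the page's example, VLANs 10 and 20 are assumed internal networks.
LEGACY = """interface vlan 10
    ip address 10.0.10.1 255.255.255.0
    ip nat inside
interface vlan 20
    ip address 10.0.20.1 255.255.255.0
    ip nat inside
interface vlan 200
    ip address 200.0.0.1 255.255.255.0
"""
# Same networks with NAT moved to the public-facing egress VLAN only.
NEW = LEGACY.replace("    ip nat inside\n", "") + "    ip nat outside\n"
FLOWS = [("10.0.10.50", "10.0.20.60"), ("10.0.10.50", "198.51.100.7")]  # inter-VLAN, outbound

if __name__ == "__main__":
    for name, cfg in (("ip nat inside", LEGACY), ("ip nat outside", NEW)):
        for src, dst in FLOWS:
            print(name, src, "->", dst, nat_decision(src, dst, parse_vlans(cfg)))
```
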
UI Configuration:
© Copyright 2024 Hewlett Packard Enterprise Development LP. All Rights Reserved.