Controller Based WLANs

Q:

What is IP NAT Outside and how does it work on an Aruba Controller?

NAT Outside support where the traffic of multiple internal networks when sent out needs to be NAT’ed. AOS currently supports “ip nat inside” feature under “interface vlan” tree where traffic gets NAT’d with the desired IP address of the VLAN interface as the source address. While this feature makes for traffic going out of uplink VLAN interface, for traffic which needs local routing, this causes unnecessary address translation. All the non-public inter-VLAN communication gets unnecessary address translation.

Solution:

Moving from 6.4.4.0 will address this issue by having only outbound traffic to get nat’d while the locally routed traffic shall be sent without any address translation. This feature shall be applied on all public facing egress VLAN interfaces. When applied, all the outbound traffic shall get nat’d with the IP address of the VLAN interface as the source address. All the non-public inter-VLAN communication which is routed locally shall remain unaffected.

CLI configuration:

interface vlan 200

        ip address 200.0.0.1 255.255.255.0

        ip nat outside

        operstate up

#show interface vlan 200

VLAN200 is up line protocol is up

MTU 1500 bytes

IP NAT Outside is enabled on this interface

Last clearing of "show interface" counters 0 day 21 hr 47 min 4 sec

link status last changed 0 day 21 hr 44 min 53 sec

Proxy Arp is disabled for the Interface

Auto Operstate up is enabled for this Interface

Tunnels Configured on this Interface:

Tunnel 0

#show datapath session (command will help getting stats for session traffic).

UI Configuration: