
Which NAT takes precedence, the one on the VLAN or the one in the user role?

Aruba Employee
Question: Source NAT can be enabled on an Aruba controller in two ways:

1. NAT on the VLAN
2. NAT in the user role

Which one of these takes precedence if both are configured?

Environment: Aruba controller with multiple VLANs configured.

 

NAT can be enabled in two ways on an Aruba controller:


1. On the VLAN

# config t
# int vlan 3
# ip nat inside


2. On a user role

# ip nat pool internal 10.1.1.2 10.1.1.2

# ip access-list session natted-acl
# any any any src-nat pool internal

# user-role natted-role
# access-list natted-acl


Our test setup is as given below:

Vlan 1 =====> 10.1.1.1 /24
Vlan 2 =====> 10.1.2.1 /24
Vlan 3 =====> 10.1.3.1 /24

A user in VLAN 3 is pinging a server in VLAN 1.

The user falls into the user role natted-role. Because it is in that role, its traffic should be NATed by the ACL natted-acl to 10.1.1.2.

However, since it is inside the Vlan 2, it should be NATed to 10.1.1.1 as per ip nat inside.

Here we see that the user role takes precedence. Thus the packet will leave the controller with source IP 10.1.1.2.
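The precedence observed above, as an added example that is not part of the original article or Aruba's own code: a Python check that parses only the command forms shown on this page and reports which source address a user's traffic would leave with, which is the address downstream firewall rules and logs will see. The function names, the sample config and the rule that VLAN NAT uses the egress VLAN's address (taken from the article's 10.1.1.1 expectation) are assumptions.

```python
import re

# Constructed sample: the article's commands for both NAT methods, without the "#" prompts.
SAMPLE_CONFIG = """
int vlan 3
ip nat inside
ip nat pool internal 10.1.1.2 10.1.1.2
ip access-list session natted-acl
any any any src-nat pool internal
user-role natted-role
access-list natted-acl
"""
# VLAN interface addresses from the article's test setup.
VLAN_IPS = {1: "10.1.1.1", 2: "10.1.2.1", 3: "10.1.3.1"}


def parse_nat_config(text):
    """Collect NAT pools, src-nat ACLs, role-to-ACL bindings and NAT-inside VLANs."""
    pools, acl_pool, role_acls, nat_vlans = {}, {}, {}, set()
    ctx = (None, None)  # (kind, name) of the config block we are inside
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"ip nat pool (\S+) (\S+) (\S+)", line):
            pools[m[1]] = (m[2], m[3])
        elif m := re.fullmatch(r"int(?:erface)? vlan (\d+)", line):
            ctx = ("vlan", int(m[1]))
        elif m := re.fullmatch(r"ip access-list session (\S+)", line):
            ctx = ("acl", m[1])
        elif m := re.fullmatch(r"user-role (\S+)", line):
            ctx = ("role", m[1])
            role_acls.setdefault(m[1], [])
        elif line == "ip nat inside" and ctx[0] == "vlan":
            nat_vlans.add(ctx[1])
        elif ctx[0] == "acl" and (m := re.fullmatch(r"any any any src-nat pool (\S+)", line)):
            acl_pool.setdefault(ctx[1], m[1])  # only the catch-all rule form from the article
        elif ctx[0] == "role" and (m := re.fullmatch(r"access-list (?:session )?(\S+)", line)):
            role_acls[ctx[1]].append(m[1])
    return pools, acl_pool, role_acls, nat_vlans


def effective_source(text, role, user_vlan, egress_vlan, vlan_ips):
    """Return (source_ip, reason), giving the role ACL priority as the article observed."""
    pools, acl_pool, role_acls, nat_vlans = parse_nat_config(text)
    for acl in role_acls.get(role, []):
        if acl in acl_pool and acl_pool[acl] in pools:
            return pools[acl_pool[acl]][0], f"role ACL {acl}"  # pool start address
    if user_vlan in nat_vlans:
        return vlan_ips[egress_vlan], f"ip nat inside on VLAN {user_vlan}"
    return None, "no source NAT"
```
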
 

Version history: Revision 1 of 1
Last update: 07-08-2014 12:10 PM