Controllerless Networks


Configure IAP to not NAT requests

So I have a customer who is using a filtering system on the guest network to keep people from accessing inappropriate websites. They want to be able to use see exactly who attempts to do this in their firewall, but right now the IAP is sending the requests as itself.


We configured the VC to hand out IP addresses for the users and on their firewall, any request from is given the gateway of the virtual controller. The virtual controller's gateway is the firewall/filter and is sending the request as itself. Is there a way to keep from NAT the request and send as the user instead? 


They currently have a 3200 controller we are replacing and they had the same issue, but don't remember how it was resolved. 


Any ideas here? They cannot change the way they are processing data as this is a school and I'm not sure how to resolve this. I considered having them filter any request from the VC address to fix that issue, but we have a 802.1x network as well and wanted to make sure it wouldn't break that either.

Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. |

Re: Configure IAP to not NAT requests

With IAPs, when you use a guest type network with DHCP, the Virtual Controller will ALWAYS NAT the traffic using the VC address.  Your other option is to configure a VLAN with DHCP services off the switch or a DHCP server at this location.  

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos
Search Airheads
Showing results for 
Search instead for 
Did you mean: