Contributor II

NAT

Question 

 

Can you NAT wireless client traffic to an interface that is configured for DHCP?

 

The uplink of my controller is set up to obtain the IP address via DHCP.

 

1. Do I need to change the controller IP address for the uplink VLAN interface, so wireless clients use this IP as the source IP address?

 

2. For the wireless client traffic, do you apply the NAT via a role assigned with a policy that uses

 

any any any src-nat pool dynamic-srcnat

 

In the VP, when I assigned VLAN X, the controller is acting as the DHCP server. How do I NAT the wireless traffic to the outgoing interface configured with DHCP?

 

Hope I make sense, thank you for the help.

 

 

 

4 REPLIES
Aruba

Re: NAT

You can use a DHCP interface for the controller and NAT traffic to it. Easiest way is to NAT the VLAN:

 

interface vlan <X>

ip nat inside

 

EDIT: run this on the VLAN the users are assigned to

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Contributor II

Re: NAT

interface vlan <X>

ip nat inside

 

When traffic leaves VLAN X, would the source IP address change to the controller IP? Besides the ip nat inside under the interface VLAN, what command would help verify it is working?

 

Do I need to check the "Enable source NAT for this VLAN" under the VLAN interface as well, or just the ip nat inside?

Contributor II

Re: NAT

If I'm not mistaken, you cannot change the controller IP to an interface VLAN whose IP address is assigned via DHCP. So I need to set up the NAT to the outgoing interface that is receiving the dynamic IP.

 

1. I cannot obtain a static public address for the controller-ip, so I need to use the outgoing interface that is configured to obtain its IP address via DHCP.

Contributor II

Re: NAT

I followed this config to solve my issue. This might help someone else:

 

 

!
vlan 10 OUTSIDE-INTERNET
vlan 20 INSIDE-NETWORK
!
ip access-list session OUTSIDE-INTERNET
any any svc-dhcp permit (required for DHCP)
any any tcp 22 permit (use this to allow SSH to controller)
any any tcp 4343 permit (use this to allow SSL/WebUI to controller)
any any tcp 80 dst-nat ip 192.168.168.100 (use the following to host multiple web servers - this one is NAT only, no PAT)
any any tcp 81 dst-nat ip 192.168.168.101 80 (this one is port 81 incoming then NAT and PAT to port 80)
any any tcp 82 dst-nat ip 192.168.168.102 80 (this one is port 82 incoming then NAT and PAT to port 80)
any any tcp 83 dst-nat ip 192.168.168.103 80 (this one is port 83 incoming then NAT and PAT to port 80)
any any tcp 37777 dst-nat ip 192.168.168.99 (see hosted security camera example below)
any any any deny
!
interface gigabitethernet 1/0
description OUTSIDE-INTERNET
trusted
ip access-group OUTSIDE-INTERNET session
switchport access vlan 10
spanning-tree portfast
!
interface gigabitethernet 1/1
description INSIDE-NETWORK
trusted
switchport access vlan 20
spanning-tree portfast
!
interface vlan 10
ip address dhcp-client
operstate up
!
interface vlan 20
ip address 192.168.168.1 255.255.255.0
ip nat inside
operstate up
!
ip dhcp excluded-address 192.168.168.1 192.168.168.128
!
ip dhcp pool HOME-DHCP-POOL
default-router 192.168.168.1
dns-server import
domain-name arubanetworks.com
network 192.168.168.0 255.255.255.0
!
service dhcp
controller-ip vlan 20
!
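
An added example, not part of the original posts or of any Aruba tooling: a short Python check that reads a config in the form pasted above, reports which VLAN is the DHCP uplink and which VLAN is source-NATed with ip nat inside, and lists the session-ACL rules on the uplink port that accept traffic from any source. The sample text is a constructed, trimmed copy of the posted config, and the function names are illustrative.

```python
# Constructed sample: a trimmed copy of the config posted above.
SAMPLE = """\
ip access-list session OUTSIDE-INTERNET
any any svc-dhcp permit (required for DHCP)
any any tcp 22 permit
any any tcp 4343 permit
any any tcp 81 dst-nat ip 192.168.168.101 80
any any any deny
!
interface gigabitethernet 1/0
ip access-group OUTSIDE-INTERNET session
switchport access vlan 10
!
interface vlan 10
ip address dhcp-client
!
interface vlan 20
ip nat inside
"""

def parse_blocks(text):
    """Group lines into {first line: [following lines]}; '!' ends a block."""
    blocks, header = {}, None
    for raw in text.splitlines():
        line = raw.split(" (")[0].strip()  # drop trailing "(...)" annotations
        if not line or line == "!":
            header = None
        elif header is None:
            header = line
            blocks[header] = []
        else:
            blocks[header].append(line)
    return blocks

def audit(text):
    blocks = parse_blocks(text)
    vlans = {h.split()[2]: b for h, b in blocks.items() if h.startswith("interface vlan ")}
    uplinks = sorted(v for v, b in vlans.items() if "ip address dhcp-client" in b)
    nat_inside = sorted(v for v, b in vlans.items() if "ip nat inside" in b)
    open_rules = []
    for h, body in blocks.items():
        vlan = next((l.split()[-1] for l in body if l.startswith("switchport access vlan")), None)
        acl = next((l.split()[2] for l in body if l.startswith("ip access-group")), None)
        rules = blocks.get(f"ip access-list session {acl}", []) if vlan in uplinks else []
        for rule in rules:  # only ACLs bound to a port on the DHCP uplink VLAN
            f = rule.split()
            if f[:2] == ["any", "any"] and "svc-dhcp" not in f and ("permit" in f or "dst-nat" in f):
                open_rules.append(rule)
    return {"uplink_vlans": uplinks, "nat_inside_vlans": nat_inside, "open_from_any": open_rules}
```

The rules returned under open_from_any are the ones to review for a narrower source than any, since they are reachable from whatever network hands out the uplink's DHCP address.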

 

 
