NAT

  • 1.  NAT

    Posted Apr 08, 2015 10:08 AM

    Question

    Can you NAT wireless client traffic to an interface that is configured for DHCP?

    The uplink of my controller is set up to obtain the IP address via DHCP.

    1. Do I need to change the controller IP address for the uplink VLAN interface? So wireless clients use this IP as the source IP address?

    2. For the wireless client traffic, do you apply the NAT via a role assigned with a policy that uses

    any any any src-nat pool dynamic-srcnat

    In the VP, when I assigned VLAN X, the controller is acting as the DHCP server. How do I NAT the wireless traffic to the outgoing interface configured with DHCP?

    Hope I make sense, thank you for the help.



  • 2.  RE: NAT

    Posted Apr 08, 2015 10:11 AM

    You can use a DHCP interface for the controller and NAT traffic to it.   Easiest way is to NAT the VLAN:

     

    interface vlan <X>

    ip nat inside

     

    EDIT:   run this on the VLAN the users are assigned to



  • 3.  RE: NAT

    Posted Apr 08, 2015 10:15 AM

    interface vlan <X>

    ip nat inside

     

    When traffic leaves VLAN X, would the source IP address change to the controller IP? Besides the ip nat inside under the interface VLAN, what command would help verify it is working?

    Do I need to check the "Enable source NAT for this VLAN" under the VLAN interface as well, or just the ip nat inside?



  • 4.  RE: NAT

    Posted Apr 08, 2015 10:20 AM

    If I'm not mistaken, you cannot change the controller IP to an interface VLAN whose IP address is assigned via DHCP. So I need to set up the NAT to the outgoing interface that is receiving the dynamic IP.

    1. I cannot obtain a static public address for the controller-ip, so I need to use the outgoing interface that is configured to obtain an IP address via DHCP.



  • 5.  RE: NAT

    Posted Apr 10, 2015 10:26 AM

    I followed this config to solve my issue. This might help someone else:

     

     

    !
    vlan 10 OUTSIDE-INTERNET
    vlan 20 INSIDE-NETWORK
    !
    ip access-list session OUTSIDE-INTERNET
    any any svc-dhcp permit (required for DHCP)
    any any tcp 22 permit (use this to allow SSH to controller)
    any any tcp 4343 permit (use this to allow SSL/WebUI to controller)
    any any tcp 80 dst-nat ip 192.168.168.100 (use the following to host multiple web servers - this one is NAT only, no PAT)
    any any tcp 81 dst-nat ip 192.168.168.101 80 (this one is port 81 incoming then NAT and PAT to port 80)
    any any tcp 82 dst-nat ip 192.168.168.102 80 (this one is port 82 incoming then NAT and PAT to port 80)
    any any tcp 83 dst-nat ip 192.168.168.103 80 (this one is port 83 incoming then NAT and PAT to port 80)
    any any tcp 37777 dst-nat ip 192.168.168.99 (see hosted security camera example below)
    any any any deny
    !
    interface gigabitethernet 1/0
    description OUTSIDE-INTERNET
    trusted
    ip access-group OUTSIDE-INTERNET session
    switchport access vlan 10
    spanning-tree portfast
    !
    interface gigabitethernet 1/1
    description INSIDE-NETWORK
    trusted
    switchport access vlan 20
    spanning-tree portfast
    !
    interface vlan 10
    ip address dhcp-client
    operstate up
    !
    interface vlan 20
    ip address 192.168.168.1 255.255.255.0
    ip nat inside
    operstate up
    !
    ip dhcp excluded-address 192.168.168.1 192.168.168.128
    !
    ip dhcp pool HOME-DHCP-POOL
    default-router 192.168.168.1
    dns-server import
    domain-name arubanetworks.com
    network 192.168.168.0 255.255.255.0
    !
    service dhcp
    controller-ip vlan 20
    !
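
An added example, not part of the original post or of any Aruba tooling: a short Python audit of the OUTSIDE-INTERNET session ACL posted above, listing which controller management ports are permitted from any source and where each dst-nat rule sends inbound traffic. The ACL text is copied from the post with the parenthetical annotations removed; the function name `audit` and the `MGMT_PORTS` table are assumptions of this example.

```python
import re

# Constructed sample: the OUTSIDE-INTERNET session ACL from the post above,
# with the parenthetical annotations removed.
ACL = """\
any any svc-dhcp permit
any any tcp 22 permit
any any tcp 4343 permit
any any tcp 80 dst-nat ip 192.168.168.100
any any tcp 81 dst-nat ip 192.168.168.101 80
any any tcp 82 dst-nat ip 192.168.168.102 80
any any tcp 83 dst-nat ip 192.168.168.103 80
any any tcp 37777 dst-nat ip 192.168.168.99
any any any deny
"""

# Assumption: labels taken from the post's own annotations for these two ports.
MGMT_PORTS = {22: "SSH", 4343: "WebUI"}

RULE = re.compile(
    r"^(?P<src>\S+) (?P<dst>\S+) (?P<proto>tcp|udp) (?P<port>\d+) "
    r"(?P<action>permit|deny|dst-nat ip (?P<host>\S+)(?: (?P<to>\d+))?)$"
)

def audit(acl_text):
    """Return (exposed_mgmt, forwards) for port rules whose source is 'any'."""
    exposed, forwards = [], []
    for line in acl_text.splitlines():
        m = RULE.match(line.strip())
        if not m or m["src"] != "any":
            continue  # service aliases (svc-dhcp) and 'any any any' rules are skipped
        port = int(m["port"])
        if m["action"] == "permit" and port in MGMT_PORTS:
            exposed.append((port, MGMT_PORTS[port]))
        elif m["host"]:
            # Per the post's annotation, a rule without a translated port
            # keeps the original port (NAT only, no PAT).
            forwards.append((port, m["host"], int(m["to"] or port)))
    return exposed, forwards

if __name__ == "__main__":
    exposed, forwards = audit(ACL)
    for port, name in exposed:
        print(f"management port open to any source: tcp/{port} ({name})")
    for port, host, to in forwards:
        print(f"inbound tcp/{port} -> {host}:{to}")
```

On the posted ACL this reports tcp/22 and tcp/4343 as reachable from any source on the DHCP-addressed uplink, plus five inbound forwards into 192.168.168.0/24.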