Wired Intelligent Edge

Our ArubaOS VC has a br0 interface with a NAT setup for the guest network. There is a gateway entry for the network that must be changed now due to a change in our infrastructure at school. I have not been able to figure out how to make this change in ArubaOS.

 

See the routing table below. I need to change the gateway from 172.16.0.101 to 172.16.0.105.

 

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface

172.16.0.0      0.0.0.0         255.255.252.0   U         0 0          0 br0

10.100.0.0      0.0.0.0         255.255.252.0   U         0 0          0 br0

0.0.0.0         172.16.0.101    0.0.0.0         UG        0 0          0 br0

 

      ----         -------  ----      ----  ---------------------  --------------  -------------  ------   ----  ------

ELHS-GUEST   ELHS-GUEST   1        guest     all   Internal CP            None            NAT Mode       Enabled  -     Default

 

 

What is doing the natting?

172.16.0.101 is the default gateway of what device?

I assume the Aruba VC is doing the NAT. 

 

172.16.0.101 was the old gateway (a Palo Alto 200) that is being removed and a SonicWall NSA-220 is being used at 172.16.0.105.

Okay. So this is an instant AP? Guest traffic for instant APs that have a virtual controller assigned clan are natted out of the IP address of the Virtual Controller, and that cannot be changed. If you want traffic natted to another address, you should pick Network Assigned, select the VLAN and have another device downstream do the Natting

I am new to the Aruba wireless setup, so forgive me if I sound a bit ignorant. Yes, we have an S2500 PoE and an Aruba VC, which I have been told resides in the APs (actually it seems one AP in particular). The IP of the Aruba VC is in the 172.16.0.x range and the secure wireless network gets IPs from a Windows server on our network. The Aruba VC has an IP of 172.16.0.131 and the S2500 is .131. The APs are all in the 172.16.0.x range too.

 

A Guest wireless network allows people to connect and get a 10.100.0.x IP from the Aruba NAT / DHCP. I can not find a way to edit any of those configurations, thus my problem. We would like to keep the guest network from seeing the SECURE network. 

 

I have some learning to do.

Guest traffic will have to pass through the 172.16.0.x network to the internet.  To keep them from seeing the network, you will have to edit the SSID and under the Access Tab> Network Based, restrict the networks that it can connect to.  Please see the guide here:  http://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/For-the-Beginner-Aruba-Instant-IAP-Basic-setup/ta-p/80744

Colin - I appreciate the link to the setup guide. 

 

I am wanting to understand the current setup prior to making changes. The employee network is 172.16.x.x. The guest network is 10.100.x.x and their is DHCP handing out IPs from the Aruba unit. And I assume it is doing NAT right now. What I really want to know is where I can modify the DHCP info. I will attach a screenshot a two of the current setup.

Virtual controller managed vlans are always natted out of the virtual controller.  The default gateway cannot be anything besides a hidden ip address on the AP.