1. NAT on the user VLAN
2. NAT on the role
3. NAT using a NAT pool
NAT on the user VLAN:
We won't be able to get or print the syslog message.
NAT on the role:
If there is no NAT pool, it uses the switch IP address by default. Attached is the sample config. Make sure logging is enabled on the ACL that the user hits.
NAT using a NAT pool:
It uses the NAT pool, but we need to make sure that log is checked and that the user hits the ACL.
If we have both 1 & 3 in combination, we won't get the message, as the VLAN takes precedence.
May 21 20:51:33 :124006: <WARN> |authmgr| {1} UDP srcip=20.1.1.2 srcport=137 dstip=20.1.1.255 dstport=137, action=src-nat, role=Nat, policy=Nat
May 21 20:51:33 :124006: <WARN> |authmgr| {2} UDP srcip=20.1.1.2 srcport=64181 dstip=224.0.0.252 dstport=5355, action=src-nat, role=Nat, policy=Nat
May 21 20:51:33 :124006: <WARN> |authmgr| {3} UDP srcip=20.1.1.2 srcport=51505 dstip=239.255.255.250 dstport=1900, action=src-nat, role=Nat, policy=Nat
May 21 20:51:33 :124006: <WARN> |authmgr| {4} TCP srcip=20.1.1.2 srcport=64418 dstip=10.1.10.10 dstport=389, action=src-nat, role=Nat, policy=Nat
May 21 20:51:33 :124006: <WARN> |authmgr| {5} UDP srcip=20.1.1.2 srcport=1900 dstip=239.255.255.250 dstport=1900, action=src-nat, role=Nat, policy=Nat
May 21 20:51:34 :124006: <WARN> |authmgr| {6} UDP srcip=20.1.1.2 srcport=58031 dstip=224.0.0.252 dstport=5355, action=src-nat, role=Nat, policy=Nat
May 21 20:51:36 :124006: <WARN> |authmgr| {7} UDP srcip=20.1.1.2 srcport=51509 dstip=224.0.0.252 dstport=5355, action=src-nat, role=Nat, policy=Nat
May 21 20:51:36 :124006: <WARN> |authmgr| {8} UDP srcip=20.1.1.2 srcport=5353 dstip=224.0.0.251 dstport=5353, action=src-nat, role=Nat, policy=Nat
May 21 20:51:36 :124006: <WARN> |authmgr| {9} proto=ipv6 srcip=20.1.1.2 dstip=192.88.99.1, action=src-nat, role=Nat, policy=Nat
May 21 20:51:36 :124006: <WARN> |authmgr| {10} UDP srcip=20.1.1.2 srcport=54904 dstip=224.0.0.252 dstport=5355, action=src-nat, role=Nat, policy=Nat
May 21 20:51:37 :124006: <WARN> |authmgr| {11} UDP srcip=20.1.1.2 srcport=52631 dstip=224.0.0.252 dstport=5355, action=src-nat, role=Nat, policy=Nat
May 21 20:51:37 :137004: <WARN> |mdns| RADIUS server cppm3--3.3.3.3-1812 timeout
May 21 20:51:50 :124006: <WARN> |authmgr| {12} UDP srcip=20.1.1.2 srcport=17500 dstip=20.1.1.255 dstport=17500, action=src-nat, role=Nat, policy=Nat
May 21 20:51:50 :137004: <WARN> |mdns| RADIUS server cppm3--3.3.3.3-1812 timeout
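Added example (not part of the original article or any vendor tooling): a Python parser for the 124006 authmgr lines shown above. It counts src-nat hits per role, policy, protocol and destination, handles the portless `proto=` variant, and skips unrelated messages such as the RADIUS timeout. The sample is a subset of the lines above; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: a subset of the log lines shown on this page.
SAMPLE = """\
May 21 20:51:33 :124006: <WARN> |authmgr| {4} TCP srcip=20.1.1.2 srcport=64418 dstip=10.1.10.10 dstport=389, action=src-nat, role=Nat, policy=Nat
May 21 20:51:36 :124006: <WARN> |authmgr| {9} proto=ipv6 srcip=20.1.1.2 dstip=192.88.99.1, action=src-nat, role=Nat, policy=Nat
May 21 20:51:37 :137004: <WARN> |mdns| RADIUS server cppm3--3.3.3.3-1812 timeout
May 21 20:51:50 :124006: <WARN> |authmgr| {12} UDP srcip=20.1.1.2 srcport=17500 dstip=20.1.1.255 dstport=17500, action=src-nat, role=Nat, policy=Nat
"""

# Timestamp, message id 124006, severity, authmgr tag, {sequence}, then the body.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) :124006: <\w+> \|authmgr\| \{(?P<seq>\d+)\} "
    r"(?P<body>.+)$"
)
KV = re.compile(r"(\w+)=([^\s,]+)")

def parse_line(line):
    """Return a dict for a 124006 ACL log line, or None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    rec = {"ts": m.group("ts"), "seq": int(m.group("seq"))}
    rec.update(KV.findall(body))
    # TCP/UDP lines lead with a bare protocol word; other lines carry proto=...
    first = body.split()[0]
    if "=" not in first:
        rec["proto"] = first
    # Lines without ports (the proto= variant) get None instead of a KeyError.
    for port in ("srcport", "dstport"):
        rec[port] = int(rec[port]) if port in rec else None
    return rec

def summarize(text, action="src-nat"):
    """Count hits per (role, policy, proto, dstip, dstport) for one ACL action."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec.get("action") == action:
            hits[(rec["role"], rec["policy"], rec["proto"], rec["dstip"], rec["dstport"])] += 1
    return hits

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, key)
```

An empty summary for a client known to be passing traffic points back to the conditions above: log not enabled on the ACL rule, or VLAN NAT taking precedence.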
!
wlan ssid-profile "default"
    essid "Airdrop"
    opmode wpa2-psk-aes
    wpa-passphrase 7bb9df99bdfdde639d2222f235b7960a7b8307dc83e05a3b
!
!
wlan virtual-ap "default"
    aaa-profile "default-dot1x-psk"
    vlan 1000
!
!
ap-group "default"
    virtual-ap "default"
    regulatory-domain-profile "US"
!
!
interface vlan 1000
    ip address 20.1.1.1 255.255.255.0
    operstate up
!
!
aaa profile "default-dot1x-psk"
    initial-role "Nat"
    authentication-dot1x "default-psk"
!
!
user-role Nat
    access-list session Nat
!
show ip access-list Nat
ip access-list session Nat
Nat
---
Priority  Source  Destination  Service  Action   TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
--------  ------  -----------  -------  ------   ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
1         any     any          any      src-nat             Yes           Low                                                           4