IP NAT Outside

Aruba Employee

Summary : How to enable IP NAT Outside on Mobility Switch

 

Introduction :

 

Starting from ArubaOS 7.4, Mobility Access Switch provides support for IP NAT outside on egress VLAN interface. The IP NAT outside feature changes the source IP of all the egressing packets to the IP of the egress VLAN interface.

 

 

Important Points to Remember:
 

 

l User defined ACLs take precedence over IP NAT configuration.

 

l IP NAT outside takes precedence over IP NAT inside.


Do not enable the NAT translation for inbound traffic option for VLAN 1, as this will prevent IPsec connectivity between the controller and its IPsec peers.
 
Network Topology :
 
Packets that exit the VLAN are given a source IP address of the “outside” interface, which is determined by the following:
 
  • If you configure “private” IP addresses for the VLAN, the controller is assumed to be the default gateway for the subnetwork. Packets that exit the VLAN are given the IP address of the controller for their source IP address.
     
  • If the controller is forwarding the packets at Layer-3, packets that exit the VLAN are given the IP address of the next-hop VLAN for their source IP address.

Configuration Steps :
Configuring IP NAT outside:
 
You can use the following command to configure IP NAT on an egress VLAN interface:
 
(host) (config) #interface vlan 10
(host) (vlan "10") #ip nat outside

Verification :
 
Verifying IP NAT Outside:
 
You can use the following command to verify the IP NAT outside configuration on the egress VLAN:
 
(host) (config) #show interface vlan 10
VLAN10 is administratively Up, Line protocol is Up
Hardware is CPU Interface, Address is 00:0b:86:97:18:77
Description: 802.1Q VLAN
Internet address is unassigned
IPV6 link-local address is fe80::b:8600:a97:1877
Global Unicast address(es):
DHCP is enabled. Current state is INIT SELECTING
Routing interface is enabled, Forwarding mode is enabled
Interface is egress source NAT'ed
Directed broadcast is disabled, BCMC Optimization disabled
Encapsulation 802, Loopback not set
Interface index: 50331658
MTU 1500 bytes
Metric 1

 

Version history
Revision #:
1 of 1
Last update:
‎11-10-2014 04:22 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: