Occasional Contributor II
Posts: 21
Registered: ‎05-01-2015

620 Public Internet with NAT and Firewalls

I read the article from some time back, http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-Connect-your-Aruba-Controller-to-a-Cable-Modem/td-p/951, but I have some questions on the 620. Basically, I am trying to emulate the same function as a home-router type thing. I once saw a document that explained these, where I had to add NAT pools and/or a VLAN. I also want to make a few rules to build a DMZ as well. Any thoughts, help or guidance? I have the wireless part down; it's just some of these more non-out-of-box things.

Guru Elite
Posts: 21,294
Registered: ‎03-29-2007

Re: 620 Public Internet with NAT and Firewalls

You would only have to make sure that "ip nat inside" is enabled for any wireless VLAN on the commandline or "Enable source NAT inside for this VLAN" in the GUI.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: 620 Public Internet with NAT and Firewalls

I posted this a while back; it may get you started: 

http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/Controller-acting-as-Router/m-p/208147#M41372

If you want to add additional rules, you can do so with dst-nat on the incoming policy; for example the following is a subset of the config in the above link; it will allow http and https from the Internet to an internal host.

ip access-list session XFINITY-LINK-ACL
  any any svc-dhcp permit
  any any svc-http dst-nat ip x.x.x.x 80
  any any svc-https dst-nat ip x.x.x.x 443
  any any any deny

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
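
An added example, not part of the original post and not Aruba's own tooling: a small Python audit of a session ACL like the one above. It lists which services the dst-nat rules expose to any source and flags rules placed after a catch-all rule, where they would never be evaluated. It assumes first-match rule order and handles only named services (any, svc-*) with any/user/host/network/alias addresses; the sample ACL is constructed from the post and keeps its x.x.x.x placeholder.

```python
# Added example: audit an ArubaOS-style session ACL (first match wins is assumed).
SAMPLE_ACL = """\
ip access-list session XFINITY-LINK-ACL
  any any svc-dhcp permit
  any any svc-http dst-nat ip x.x.x.x 80
  any any svc-https dst-nat ip x.x.x.x 443
  any any any deny
"""  # constructed from the post; x.x.x.x is the post's placeholder

ADDR_WIDTH = {"host": 2, "alias": 2, "network": 3}  # tokens used by each address form

def take_addr(tok):
    """Split one address (any, user, host A, alias N, network A M) off the token list."""
    n = ADDR_WIDTH.get(tok[0], 1)
    return " ".join(tok[:n]), tok[n:]

def parse_acl(text):
    """Return (acl_name, rules) for a single session ACL using named services only."""
    name, rules = None, []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue  # tolerate blank lines between rules
        if tok[:3] == ["ip", "access-list", "session"]:
            name = tok[3]
            continue
        src, tok = take_addr(tok)
        dst, tok = take_addr(tok)
        svc, action, rest = tok[0], tok[1], tok[2:]
        target = f"{rest[1]}:{rest[2]}" if rest[:1] == ["ip"] and len(rest) >= 3 else " ".join(rest)
        rules.append({"src": src, "dst": dst, "svc": svc, "action": action, "target": target})
    return name, rules

def audit(rules):
    """Report inbound exposures and rule-order problems as a list of strings."""
    findings, catch_all = [], None
    for i, r in enumerate(rules, 1):
        if catch_all:
            findings.append(f"rule {i} unreachable: follows catch-all rule {catch_all}")
        elif (r["src"], r["dst"], r["svc"]) == ("any", "any", "any"):
            catch_all = i
            if r["action"] == "permit":
                findings.append(f"rule {i} permits all traffic")
        elif r["action"] == "dst-nat" and r["src"] == "any":
            findings.append(f"rule {i} exposes {r['svc']} to any source -> {r['target']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_acl(SAMPLE_ACL)[1])))
```

Each "exposes" line is an internal host and port reachable from the Internet side, so the list doubles as the inventory of what needs patching and logging behind the NAT.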

Occasional Contributor II
Posts: 21
Registered: ‎05-01-2015

Re: 620 Public Internet with NAT and Firewalls

I'm still a little lost. Here is what I did

(config) #vlan 1000
(config) #interface vlan 1000
(config-subif)#ip address dhcp-client
(config-subif)#exit
(config) #interface fastethernet 1/3
(config-if)#switchport access vlan 1000
(config-if)#exit
(config) #ip default-gateway import dhcp
(config) #exit
#show ip route

Returns the following.  Note that 192.168.0.0/24 is the router I want to replace with the 620

Codes: C - connected, O - OSPF, R - RIP, S - static
       M - mgmt, U - route usable, * - candidate default, V - RAPNG VPN

Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
Gateway of last resort is 192.168.0.1 to network 0.0.0.0 at cost 1
S*    0.0.0.0/0  [1/0] via 192.168.0.1*
C    192.168.0.0/24 is directly connected, VLAN1
C    10.10.10.0/24 is directly connected, VLAN1010
C    10.10.11.0/24 is directly connected, VLAN1011
C    10.11.10.0/24 is directly connected, VLAN1110

Running Show IP interface brief returns

vlan 1000                   unassigned / unassigned        up      up

I have also tried using port 8 gigabit just in case of some kind of physical network issue as well.

Guru Elite
Posts: 21,294
Registered: ‎03-29-2007

Re: 620 Public Internet with NAT and Firewalls

I am assuming that your cable modem is plugged into interface 1/3:

You need to unplug then plug in the cable from interface fastethernet1/3 so it can re-dhcp.

Some cable modems will remember the MAC address of the last device that was plugged in, and will not issue an IP address unless you reboot the cable modem.  Reboot the cable modem and type "show ip interface brief" to see if VLAN 1000 gets an IP address from your ISP.



Colin Joseph
Aruba Customer Engineering


Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: 620 Public Internet with NAT and Firewalls

Do you have it plugged directly into the cable modem (or similar from your provider)?   It looks like you still have it plugged into your existing router?

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor II
Posts: 21
Registered: ‎05-01-2015

Re: 620 Public Internet with NAT and Firewalls

Yeah, I had to unplug it to send the message.  But let me try rebooting the cable modem, see if that does it.

Occasional Contributor II
Posts: 21
Registered: ‎05-01-2015

Re: 620 Public Internet with NAT and Firewalls

I tried powering off the modem for a few minutes and then into the 620 gigabit, then powered the modem back on; still nothing.  Here is the dump of data while plugged in.

(config) #show interface gigabitethernet 1/8

GE 1/8 is up, line protocol is up
Hardware is Gigabit Ethernet, address is 00:0B:86:63:2F:B9 (bia 00:0B:86:63:2F:B9)
Description: GE1/8 (RJ45 Connector)
Encapsulation ARPA, loopback not set
Configured: Duplex ( AUTO ), speed ( AUTO )
Negotiated: Duplex (Full), speed (1000 Mbps)
MTU 1500 bytes, BW is 1000 Mbit
Last clearing of "show interface" counters 11 day 17 hr 34 min 25 sec
link status last changed 0 day 0 hr 4 min 49 sec
    6064 packets input, 490872 bytes
    Received 5989 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input error bytes, 0 CRC, 0 frame
    2011 multicast, 75 unicast
    728 packets output, 65199 bytes
    0 output errors bytes, 0 deferred
    0 collisions, 0 late collisions, 0 throttles
This port is TRUSTED

Interface                   IP Address / IP Netmask        Admin   Protocol
vlan 1                     192.168.0.5 / 255.255.255.0     up      up
vlan 1010                   10.10.10.1 / 255.255.255.0     up      up
vlan 1011                   10.10.11.1 / 255.255.255.0     up      up
vlan 1012                   10.10.12.1 / 255.255.255.0     up      down
vlan 1110                   10.11.10.1 / 255.255.255.0     up      up
vlan 1000                   unassigned / unassigned        up      up
loopback                    unassigned / unassigned        up      up
mgmt                        unassigned / unassigned        down    down

 

(config) #show vlan 1000

VLAN CONFIGURATION
------------------
VLAN   Description  Ports         AAA Profile
----   -----------  -----         -----------
1000   VLAN1000     FE1/3 GE1/8   N/A

(config) #show ip route

Codes: C - connected, O - OSPF, R - RIP, S - static
       M - mgmt, U - route usable, * - candidate default, V - RAPNG VPN

Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
Gateway of last resort is 192.168.0.1 to network 0.0.0.0 at cost 1
S*    0.0.0.0/0  [1/0] via 192.168.0.1*
C    192.168.0.0/24 is directly connected, VLAN1
C    10.10.10.0/24 is directly connected, VLAN1010
C    10.10.11.0/24 is directly connected, VLAN1011
C    10.11.10.0/24 is directly connected, VLAN1110

Guru Elite
Posts: 21,294
Registered: ‎03-29-2007

Re: 620 Public Internet with NAT and Firewalls

What is the output of:

Show vlan status
Show ip interface brief


Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 21
Registered: ‎05-01-2015

Re: 620 Public Internet with NAT and Firewalls

Hey, so I changed the port to access and got an IP address. Now how do I set that as the gateway for non-local traffic?