Wireless Access

I've setup a RAP-5 port for bridge mode.  I want the device connected to the bridged port to have unrestricted access to the Internet.  In my testing I can not get the bridged device talking to anything external to the RAP.  As a sidenote, I know that the bridged device is reachable on the RAP by wireless clients in the split-tunnel policy I setup.

I can't post the config at the moment, but here is basically what I've setup:

Port 4 is in bridged mode.

Default role for the anything connected to port 4 is "authenticated" (confirmed the device receives this role when connected).

RAP is setup to provide DHCP for the bridged unit (confirmed device receives IP, SM, DG, and receives DNS server from upstream router).

I've checked the firewall state of the RAP and it is allowing the traffic that the bridged device transmits which is why I'm so baffled.

Do I need a src NAT policy for bridge mode traffic egressing the RAP?  Thoughts?

i guess that your firewall policy in the authenticated role is "any any any permit". If this is the case then change it to "user any any route src-nat"

Also take a look at the Aruba Remote Access Point (RAP) Networks (esp. chapter 18) VRD available at www.arubanetworks.com/vrd

Regards,

Sathya

That is correct.  I will make the change and report back the results.

I changed the rule as suggested to source nat the traffic which gave the bridge device access to the Internet.  However, the split-tunnel wireless users then lost access to the bridge device.  I need both the wireless users to have access to the bridge device, and the bridge device needs access to the Internet.  Any thoughts?

In the AP System Profile of that AP-Group for your Remote AP, try enabling "Remote-AP Local Network Access".