Wireless Access

Hi,

Just noticed that for two different clients on seperate vlans that both have an 'ip nat inside' that they can't communicate with each other.

What do I need to do to make it so?  I'm sure it is a simple command or two, but just wanted to check with others first.

This is for a vap that has two vlans pooled and if the site fails over to another controller, then the traffic is NAT'd from that failover controller.

Thanks

Once you do an ip nat inside, you create a boundary that cannot be crossed from the other side.  You will probably need another device doing the natting if you want two devices behind a nat boundary to talk to each other.  They MUST be on the same side of the nat.

<Update>

Let me qualify that.  If the two vlans doing ip nat inside are on the same controller, the clients should be able to talk to each other.  If they are on separate controllers, that establishes a definite boundary that can only be crossed in a single direction.

ok, thanks Colin.

Yes, it is two vlans on the same controller.  Understand completely why it won't work on different controllers. :smileywink:

It was only a quick test of a failover scenario and client A on vlan A couldn't  ping client B on vlan B.  Everything else was fine though.

I'll do some more extensive testing the next install I setup and test the failover.

Thanks again