Wireless Access

Reply
Occasional Contributor II
Posts: 11
Registered: ‎05-27-2015

NAT Issue - Arbua Controller showing at Destination is Web filter

[ Edited ]

I have an Aruba controller, Aruba7005-US, running version 6.4.3.2.

I have web filter that filters the web traffic from both wired and wireless networks. I'm having trouble distinguishing the wireless traffic from the wired traffic.

 

The wireless traffic from the wireless clients are showing in the web filter's web log as the management IP of the wireless controller rather than the IP of the wireless device.

 

Is there a way I can have the Aruba controller pass the IP address of the wireless device? The wired subnet is 10.1.10.0/24 and the wireless is 172.16.0.0/24.

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: NAT Issue - Arbua Controller showing at Destination is Web filter

That is because you have "ip nat inside" on your guest VLAN in the controller.

 

You need to remove that statement and have a route in your network pointing to the controller's management ip address for the guest subnet.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎05-27-2015

Re: NAT Issue - Arbua Controller showing at Destination is Web filter

[ Edited ]

Colin,

 

Thank you.  Can you give me a little more detail about how to make "a route in your network pointing to the controller's management ip address for the guest subnet?"

 

 

 

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: NAT Issue - Arbua Controller showing at Destination is Web filter

Question:  Does you or someone else manage your wired network (switches and routers)?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎05-27-2015

Re: NAT Issue - Arbua Controller showing at Destination is Web filter

I manager them all.  I'm new to Aruba. The Ariba OS and GUI are a little foreign to me. 

 

I already made a route in the web filter to filter the traffic on the wireless subnets. 

 

 

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: NAT Issue - Arbua Controller showing at Destination is Web filter

[ Edited ]

Allright.  This has more to do with your infrastructure than the wireless.  What device is the default gateway of 10.1.10.0/24?  That device needs a route pointing to the controller's ip address for the guest subnet 172.16.0.0/24 

 

After you do that, you need to uncheck "ip nat inside" (turn off natting) on the guest VLAN on the Aruba Controller by doing this:

 

config t

interface vlan x

no ip nat inside

exit

 

After you do those two things, your web filter should be able to see the source ip addresses of your guest clients.  We will have to add an ACL on your guest role in the  Aruba Controller to block access to your internal subnets, however.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎05-27-2015

Re: NAT Issue - Arbua Controller showing at Destination is Web filter

[ Edited ]

The gatway is a firewall. 10.1.10.x

The Aruba Controller Management IP is 10.1.10.x

There are 3  VLANS on the controller are:

 

Trusted VLAN 1- 10.x.x.x/24

Default VLAN 2- Tristed Wireless devices 172.x.x.x/24

Guest VLAN 3- 192.x.x./24

 

- There is already an ACL between the the Guest VLAN and the other two.
- Traffic  on VLAN 1 and 2 are allowed to communicate to each others network.

 

**Note**

VLAN 1 gets DHCP from Domain Controller

VLAN 2 has DHCP enabled

VLAN 3 has DHCP enabled

 

My original question pretained to VLAN2. The Guest VLAN is not in the picture at the moment, but I will want to montor that network as well.

 

 

Moving on, i'm confirming that you are directing me to make a route from the gateway 10.x.x.x/24 to the managment IP of the Controller 10.x.x.x or to the VLAN 2 gateway 172.x.x.x?

 

*lest save the VLAN 3 out of the picture until I get VLAN 2 setup.

 

 

 

 

 

 

 

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: NAT Issue - Arbua Controller showing at Destination is Web filter

You need a route on your firewall pointing to the controller's management ip address for the subnet 172.16.x.x/24.  That will allow traffic returning from the internet to find the 172.16.x.x trusted wireless subnet.  Also, your firewall will also need to allow traffic to be natted from the 172.16.x.x subnet to allow it to go to the internet....



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎05-27-2015

Re: NAT Issue - Arbua Controller showing at Destination is Web filter

In the case that I make a mistake what are the commands I need to reverse:

 

config t

interface vlan x

no ip nat inside

exit

 

ALso what are the commands to write the config to the running config. 

Thank you.

 

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: NAT Issue - Arbua Controller showing at Destination is Web filter

So, I want to suggest you call TAC, because while I can give you advice here, I might not have the full picture and that would lead to giving you bad advice.

 

To reverse, I would do

 

config t

interface vlan x

ip nat inside

write mem



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: