Wireless Access

Reply
Occasional Contributor II
Posts: 16
Registered: ‎03-03-2016

NAT Vlan on controller

I'm experiencing a problem of NATing for one of my Vlan on my controller :

I have 2 Vlans : - Vlan 10 which is my default Vlan

- Vlan 33 which is only declared on my controller (and not on the rest of the network)  

 

I'd like to NAT the IP coming from my Vlan 10 to the Vlan 33. I'have already enabled the NAT on the Vlan 33 and I have my default gateway on my Vlan 10.

When i'm am in my Vlan 33 and I want to ping an IP address of my Vlan 10 : The ping goes through the controller, reaches the IP address, goes back to the controller, and get lost. So I can communicate in only one way.

In CLI : 

 

Spoiler

interface vlan 10
ip address 192.168.10.210 255.255.255.0
no ip routing
!

interface vlan 33
ip address 172.16.33.1 255.255.255.0
no ip routing
ip nat inside
!

ip default-gateway 192.168.10.254

 

Any help most welcomed.

Cheers.

Guru Elite
Posts: 21,492
Registered: ‎03-29-2007

Re: NAT Vlan on controller

[ Edited ]

Does the controller have an ip address in VLAN 33?  Is that the default gateway of your clients?  IP nat inside only works for traffic leaving the controller, not between vlans, really....unless I am wrong...

 

EDIT:  Hold on, why do you have "no ip routing" on your VLANs?  That means that the controller default gateway cannot route any traffic...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: NAT Vlan on controller

You need to allow ip routing under those layer 3 VLANS otherwise you won't be able to route

Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 16
Registered: ‎03-03-2016

Re: NAT Vlan on controller

Does the controller have an ip address in VLAN 33? Yes, as I wrote previously, it’s 172.16.33.1

Is that the default gateway of your clients?  Yes, it’s default gateway for VLAN 33 users 

IP nat inside only works for traffic leaving the controller : So how does users get a response for dns request, ping,… ?

 Hold on, why do you have "no ip routing" on your VLANs?  Because the controller doesn’t do intervlan routing, it’s done by our network core

 

I tried to activate ip routing on both interface (VLAN 1 and 33) but no way to access to the network !

I activated the source NAT. Are there any other operations to do ? Do I have to activate the NAT pools for example ?

Guru Elite
Posts: 21,492
Registered: ‎03-29-2007

Re: NAT Vlan on controller

What are you trying to do?  It is not clear.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 16
Registered: ‎03-03-2016

Re: NAT Vlan on controller

We have a Guest VLAN (VLAN 33), which is only on the Wifi controller.

We want to allow the users of this VLAN to access to the Internet. To do so, we activated source nat for VLAN 33 users. But we don't manage to make it works.

Guru Elite
Posts: 21,492
Registered: ‎03-29-2007

Re: NAT Vlan on controller

1.  The client default gateway must be the controller's ip address on VLAN 343

2.  You must remove "no ip routing"

3.  You must enable "source nat" or "ip nat inside" on VLAN 33

4.  The client traffic will be source-natted out of the controller's uplink by default.

5.  Client traffic will appear to be coming out of the management ip address of the controller.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 16
Registered: ‎03-03-2016

Re: NAT Vlan on controller

Well, we already tried this configuration : our requests are nated but we don't get the response of it.

I agree with you that it should work but it doesn't. I made the configuration again and again, beginning from nothing, and I'm still having the same problem. I can only ping the interfaces of my controller (which is logic !)

 

Do you know some commands to see if the NAT is well working ?

 

 

MVP
Posts: 90
Registered: ‎04-02-2013

Re: NAT Vlan on controller

You should be able to see it running: show datapath session table 

 

 

Regards

Borja

 

 

Regards,
Borja
ACMX #567 //ACCP//CWNA//CWAP
Guru Elite
Posts: 21,492
Registered: ‎03-29-2007

Re: NAT Vlan on controller


nbemowski wrote:

Well, we already tried this configuration : our requests are nated but we don't get the response of it.

I agree with you that it should work but it doesn't. I made the configuration again and again, beginning from nothing, and I'm still having the same problem. I can only ping the interfaces of my controller (which is logic !)

 

Do you know some commands to see if the NAT is well working ?

 

 


Well you should open a case with TAC so that they can look at your toplogy and configuration.  OR you should simplify things because we all have the most basic version of this working in our labs (private subnet, ip nat inside, nat working).  You also should check to make sure that you do not have an ACL on an interface that is blocking traffic.  Like was mentioned, "show datapath session table <ip address of client>" is probably the best troubleshooting tool to understand if somethig is being blocked or not.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: