10-10-2016 02:38 PM
Our customer would like to use a RAP at a certain location, where the RAP needs to be in bridge mode. There is no DHCP at all, so the RAP has to be the DHCP server as well. We configured it in the AP system profile under RAP DHCP settings. The RAP has a public IP. The client was able to get an IP from the RAP, but it can reach neither the default gateway (which is set to the RAP DHCP server IP) nor the Internet. We know that the traffic needs to be NAT-ed to the RAP's public IP. Is this done automatically, or do we have to set a user role where all client traffic is source NAT-ed?
Could you help us?
Thank you for your answer in advance.
10-10-2016 03:08 PM - edited 10-10-2016 03:16 PM
Here is what you need to do at minimum:
In the AP system profile in the ap-group of that RAP, you need to define the Remote-AP DHCP Server VLAN on which you will be providing DHCP. This number can be arbitrary, but it needs to match the VLAN of your bridged traffic. If you are broadcasting a Virtual AP on that AP with the forwarding mode "bridged", you need to match the VLAN above. Addresses will be given out by the DHCP server defined in the Remote-AP DHCP Server commands in that AP system profile; the defaults will work just fine, initially. When you create your Virtual AP for those clients, their role only needs to have two ACLs:
any any service dhcp permit
any any any route src-nat
The first ACL will allow your clients to obtain an IP address. The second ACL will source-NAT the traffic out of the public address that the RAP obtains.
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
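The pieces described in the answer above, put together as one controller configuration sketch. This is an added example, not part of the original posts and not Aruba's own reference config. It assumes ArubaOS 6.x CLI syntax (where the DHCP service alias is written `svc-dhcp`); VLAN 177, the 192.168.11.0/24 pool and all profile, ACL and role names are made up for illustration, and the SSID profile is omitted.

```text
! Session ACL for the bridged clients: the two rules from the answer.
ip access-list session rap-bridge-srcnat
  any any svc-dhcp permit
  any any any route src-nat
!
! Role that carries only that ACL.
user-role rap-bridge-role
  access-list session rap-bridge-srcnat
!
! AAA profile that places clients of the bridged SSID into the role.
aaa profile "rap-bridge-aaa"
  initial-role rap-bridge-role
!
! RAP-local DHCP server. The VLAN number is arbitrary, but it must be
! the same VLAN the bridged Virtual AP uses below.
ap system-profile "rap-bridge-sys"
  rap-dhcp-server-vlan 177
  rap-dhcp-server-id 192.168.11.1
  rap-dhcp-default-router 192.168.11.1
  rap-dhcp-pool-start 192.168.11.2
  rap-dhcp-pool-end 192.168.11.254
!
! Bridged Virtual AP on the same VLAN as the RAP DHCP server.
wlan virtual-ap "rap-bridge-vap"
  vlan 177
  forward-mode bridge
  aaa-profile "rap-bridge-aaa"
!
! Attach both profiles to the ap-group the RAP belongs to.
ap-group "rap-bridge-group"
  ap-system-profile "rap-bridge-sys"
  virtual-ap "rap-bridge-vap"
```

The `any any any route src-nat` rule forwards and source-NATs every destination the client asks for; replacing the destination `any` with a network alias restricts what bridged clients can reach through the RAP uplink.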