So I have a customer who is using a filtering system on the guest network to keep people from accessing inappropriate websites. They want to be able to use see exactly who attempts to do this in their firewall, but right now the IAP is sending the requests as itself.
We configured the VC to hand out IP addresses for the users and on their firewall, any request from 192.168.1.1/24 is given the gateway of the virtual controller. The virtual controller's gateway is the firewall/filter and is sending the request as itself. Is there a way to keep from NAT the request and send as the user instead?
They currently have a 3200 controller we are replacing and they had the same issue, but don't remember how it was resolved.
Any ideas here? They cannot change the way they are processing data as this is a school and I'm not sure how to resolve this. I considered having them filter any request from the VC address to fix that issue, but we have a 802.1x network as well and wanted to make sure it wouldn't break that either.
With IAPs, when you use a guest type network with DHCP, the Virtual Controller will ALWAYS NAT the traffic using the VC address. Your other option is to configure a VLAN with DHCP services off the switch or a DHCP server at this location.
Seth is correct, so if you use the internal DHCP server of the IAP, it will always NAT the requests as the IAP itself. If you use a local DHCP server on the network somewhere else, and it will route the traffic normally and traffic will source from your client device instead.
@Mister_245 wrote:Yes, but it will NAT behind the IP address of the IAP that is running the VC role, not the access point that the client is connected through, right?
Unfortunatelly no, it NAT behind each AP's IP so if you are using DHCP for APs then it's difficult to control it. VLAN is the only option I see.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.