Put the clients for that SSID in a different VLAN (L2) that is connected to that other router / VRF. I would not recommend L2 for client traffic on a controller wherever possible, and handle the L3/routing/NAT on external devices. The situation that you describe happens often for Guest, in that case connect your guest in a VLAN that you connect to a consumer internet router that handles the DHCP, DNS, routing, NAT to keep it fully isolated from the rest of your network. That also eliminates the need to have an IP address on your controller for that subnet, isolating it even further.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 25, 2024 04:03 AM
From: invincible2k
Subject: Policy based NAT and Routing
Hi Herman
Customer want to test the feature and functionality of Policy based Routing and NAT.
Customer requirement is not to use default route for specific SSID. Traffic should be Routed through policy based routing and NAT for specific SSID.
Original Message:
Sent: Jul 23, 2024 10:37 AM
From: Herman Robers
Subject: Policy based NAT and Routing
It's not really recommended to do routing or NAT on a 7200 controller, it's in most cases better to use an external switch/router to do L3/routing and an external firewall to do NAT.
What is the design that you try to build?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jul 23, 2024 07:47 AM
From: invincible2k
Subject: Policy based NAT and Routing
How to configure Policy based NAT and policy based routing on Aruba controller on ArubaOS (MODEL: Aruba7210), Version 8.10.0.12 LSR
Scenario for Policy Base NAT: (same scenario for policy based routing)
Source IP: 192.168.10.1/24
Source Interface: VLAN 800
Destination IP: Any internet IP address
Source IP: 192.168.20.1/24
Source Interface: VLAN 600
Destination : Any internet IP address