Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Policy based NAT and Routing

  • 1.  Policy based NAT and Routing

    Posted Jul 23, 2024 07:47 AM

    How to configure Policy based NAT and policy based routing on Aruba controller on ArubaOS (MODEL: Aruba7210), Version 8.10.0.12 LSR

    Scenario for Policy Based NAT (same scenario for policy based routing):

    Source IP: 192.168.10.1/24

    Source Interface: VLAN 800

    Destination IP: Any internet IP address

    Source IP: 192.168.20.1/24

    Source Interface: VLAN 600

    Destination : Any internet IP address 



  • 2.  RE: Policy based NAT and Routing

    Posted Jul 23, 2024 10:38 AM

    It's not really recommended to do routing or NAT on a 7200 controller; in most cases it's better to use an external switch/router to do L3/routing and an external firewall to do NAT.

    What is the design that you are trying to build?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Policy based NAT and Routing

    Posted Jul 25, 2024 04:04 AM

    Hi Herman 

    The customer wants to test the feature and functionality of Policy based Routing and NAT.

    The customer's requirement is not to use the default route for a specific SSID. Traffic should be routed through policy based routing and NAT for that specific SSID.




  • 4.  RE: Policy based NAT and Routing

    Posted Jul 25, 2024 05:45 AM

    Put the clients for that SSID in a different VLAN (L2) that is connected to that other router / VRF. I would not recommend L2 for client traffic on a controller wherever possible, and handle the L3/routing/NAT on external devices. The situation that you describe happens often for Guest; in that case, connect your guest in a VLAN that you connect to a consumer internet router that handles the DHCP, DNS, routing, and NAT to keep it fully isolated from the rest of your network. That also eliminates the need to have an IP address on your controller for that subnet, isolating it even further.



    ------------------------------
    Herman Robers
    ------------------------