Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Configure IAP to not NAT requests

This thread has been viewed 5 times

  • 1.  Configure IAP to not NAT requests

    MVP
    Posted Oct 22, 2014 11:46 AM

    So I have a customer who is using a filtering system on the guest network to keep people from accessing inappropriate websites. They want to be able to use see exactly who attempts to do this in their firewall, but right now the IAP is sending the requests as itself.

     

    We configured the VC to hand out IP addresses for the users and on their firewall, any request from 192.168.1.1/24 is given the gateway of the virtual controller. The virtual controller's gateway is the firewall/filter and is sending the request as itself. Is there a way to keep from NAT the request and send as the user instead? 

     

    They currently have a 3200 controller we are replacing and they had the same issue, but don't remember how it was resolved. 

     

    Any ideas here? They cannot change the way they are processing data as this is a school and I'm not sure how to resolve this. I considered having them filter any request from the VC address to fix that issue, but we have a 802.1x network as well and wanted to make sure it wouldn't break that either.



  • 2.  RE: Configure IAP to not NAT requests
    Best Answer

    EMPLOYEE
    Posted Oct 22, 2014 01:06 PM

    With IAPs, when you use a guest type network with DHCP, the Virtual Controller will ALWAYS NAT the traffic using the VC address.  Your other option is to configure a VLAN with DHCP services off the switch or a DHCP server at this location.  



  • 3.  RE: Configure IAP to not NAT requests

    Posted Jan 24, 2018 04:49 AM
    Hi!
    Is this info correct Seth?
    I have run into a scenario where I want to hide clients behind the VC for simple routing but it seems to me that it always uses the IAP address for NAT.

    Is there someone out there who can tell me what I am doing wrong? 😁

    /Mister_245


  • 4.  RE: Configure IAP to not NAT requests

    MVP
    Posted Jan 24, 2018 01:05 PM

    Seth is correct, so if you use the internal DHCP server of the IAP, it will always NAT the requests as the IAP itself. If you use a local DHCP server on the network somewhere else, and it will route the traffic normally and traffic will source from your client device instead.



  • 5.  RE: Configure IAP to not NAT requests

    Posted Jan 24, 2018 02:02 PM
    Yes, but it will NAT behind the IP address of the IAP that is running the VC role, not the access point that the client is connected through, right?

    CTO / Teknikchef

    [cid:MailloggaB2Bteknik_241d1520-bd75-43e6-b65f-d6f8add7b024.png]

    B2B IT-Partner AB
    Svetsarvägen 8 BV / Box 1018, 171 21 Solna, Phone: +46 8 635 31 20 , Mob: +46 8 635 31 24 , Vxl: +46 8 635 31 00
    E-mail: Peter.Schmidt@b2bitpartner.se, Internet: http://b2bitpartner.se


  • 6.  RE: Configure IAP to not NAT requests

    Posted May 03, 2019 07:30 AM
    @Mister_245 wrote:
    Yes, but it will NAT behind the IP address of the IAP that is running the VC role, not the access point that the client is connected through, right?

    Unfortunatelly no, it NAT behind each AP's IP so if you are using DHCP for APs then it's difficult to control it. VLAN is the only option I see.