Controllerless Networks


IAP source NAT

  • 1.  IAP source NAT

    Posted Jan 31, 2019 04:35 PM

    Can someone please explain how exactly the IAP source NATs when using VC Managed IP (Magic VLAN)? I read that the IAP NATs user traffic with its uplink IP address. What exactly is the uplink IP; is it the default GW?
    Traceroute shows the packets for wired and wireless take the same path and have the same public IP address. I am trying to understand how exactly the IAP source NATs and how the packets flow.

    Thanks,



  • 2.  RE: IAP source NAT

    EMPLOYEE
    Posted Jan 31, 2019 05:05 PM

    The "magic VLAN" source-NATs traffic out of the IP address of the Virtual Controller. If a Virtual Controller IP is set, that is the IP address that the traffic is source-NATted out of.

    https://community.arubanetworks.com/t5/Video/VIDEO-Magic-VLAN/ta-p/115241



  • 3.  RE: IAP source NAT

    Posted Jan 31, 2019 11:46 PM

    Thanks for the video, and I get the concept of how VC-assigned IP works. What I am actually trying to understand is how the IAP source NATs.

    E.g., on a Cisco L3 switch, 'inside local IPs' get NAT'd to 'inside global IPs' once configured, and we can check with a show command for stats etc.

    So with this concept, I am assuming the AP is simply a Layer 2 device that forwards all frames down to the connected switch via Ethernet, and the L3 switch will do all the routing. So when it's said that the IAP does source NAT, how does that actually work (step by step)?



  • 4.  RE: IAP source NAT

    Posted Feb 01, 2019 03:22 PM

    Anyone?



  • 5.  RE: IAP source NAT

    EMPLOYEE
    Posted Feb 01, 2019 03:25 PM

    It is NAT translation to a single "outside" IP address. This is not unique to Aruba; it is a generic source NAT. Any definition of source NAT would apply to how it happens.



  • 6.  RE: IAP source NAT

    Posted Feb 04, 2019 10:35 AM

    But how does the IAP do it? I understand how a Layer 3 switch/router will do it. From what I read, it says the IAP source NATs.



  • 7.  RE: IAP source NAT

    EMPLOYEE
    Posted Feb 04, 2019 11:35 AM

    The functionality is the same as when your home router or firewall NATs private addresses to a single public address. The Virtual Controller hands out private addresses to users on that WLAN and source-NATs the traffic out of the IP address of the Virtual Controller. The traffic from users that are on that WLAN gets tunneled to the Virtual Controller, where the traffic is source-NATted out of the Virtual Controller's IP address.

    Does that make sense?



  • 8.  RE: IAP source NAT

    Posted Feb 04, 2019 03:32 PM

    It does. I think I am getting closer. So this is what I understand. Please correct me if something is wrong.

    1. WLAN client sends DHCP query.

    2. IAP offers a private IP from its magic VLAN DHCP pool (172.31.x.x).

    3. WLAN client sends packets to the IAP.

    4. IAP then source-NATs user traffic using the Virtual Controller IP and forwards the frame down to the connected switch.

    This is my confusion; maybe my understanding of source NAT is not correct:

    From what I understand, source NAT is used to translate a private IP address to a public routable address. So with this concept, how does the IAP translate (source-NAT) private IP addresses to public, since the VC IP is also a private IP?



  • 9.  RE: IAP source NAT

    EMPLOYEE
    Posted Feb 04, 2019 03:38 PM

    Public IP address = IP address of the VC.



  • 10.  RE: IAP source NAT

    Posted Feb 04, 2019 05:56 PM

    Our VC IP is a private IP.



  • 11.  RE: IAP source NAT

    EMPLOYEE
    Posted Feb 04, 2019 07:43 PM

    In source-NATting, the outside "public" IP address is considered the IP address that all of the traffic is NATted out of. The inside "private" addresses are considered the IP addresses that are NATted. It is not related to how you designate your specific IP address ranges. Again, this is not specific to Aruba; this is how source-NATting works.



  • 12.  RE: IAP source NAT

    Posted Feb 04, 2019 09:43 PM

    Thanks Joseph. That's exactly what I understand about source NAT. So in my case, how is the IAP source-NATting, since the VC IP is private as well?



  • 13.  RE: IAP source NAT

    Posted Feb 06, 2019 10:16 AM

    Any update?



  • 14.  RE: IAP source NAT

    Posted Aug 15, 2019 01:23 AM

    You should consider the VC IP address as the 'outside' portion of the source NAT, and the magic VLAN as the 'inside' portion of the source NAT.  

    As traffic then makes its way to the internet, your internet router / firewall will again source NAT the traffic onto the internet. This is why you are seeing the same public IP for both your corporate and magic VLAN traffic.
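
The double translation described in the last reply, as an added example that is not part of the thread and not Aruba's implementation: a generic port-translating source NAT model applied twice, plus the reverse lookup needed to attribute a flow seen at the edge back to the Wi-Fi client. The VC address 10.0.5.20, the wired client 10.0.5.77, the public address 203.0.113.7 and all port numbers are constructed; only the 172.31.x.x magic VLAN range comes from the thread.

```python
from dataclasses import dataclass, field

@dataclass
class SourceNat:
    """Generic port-translating source NAT: (src_ip, src_port) -> (outside_ip, new_port)."""
    name: str
    outside_ip: str
    next_port: int = 40000
    table: dict = field(default_factory=dict)    # inside tuple -> outside tuple
    reverse: dict = field(default_factory=dict)  # outside tuple -> inside tuple

    def translate(self, src):
        # Reuse an existing mapping for a known flow, otherwise allocate a new port.
        if src not in self.table:
            out = (self.outside_ip, self.next_port)
            self.next_port += 1
            self.table[src] = out
            self.reverse[out] = src
        return self.table[src]

def send(src, hops):
    """Pass a source tuple through each NAT hop in order; return the tuple seen after each hop."""
    seen = [src]
    for hop in hops:
        src = hop.translate(src)
        seen.append(src)
    return seen

def attribute(outside, hops):
    """Walk the NAT tables backwards from the outermost tuple to the original client."""
    for hop in reversed(hops):
        outside = hop.reverse[outside]
    return outside

# Constructed addresses (assumptions, not taken from the thread).
VC = SourceNat("iap-vc", "10.0.5.20")                      # 'outside' of the magic VLAN NAT
FW = SourceNat("edge-fw", "203.0.113.7", next_port=50000)  # internet router / firewall

def demo():
    wifi = send(("172.31.98.10", 51515), [VC, FW])  # magic VLAN client: two translations
    wired = send(("10.0.5.77", 51515), [FW])        # wired client: one translation
    return wifi, wired

if __name__ == "__main__":
    wifi, wired = demo()
    print("wifi :", " -> ".join(f"{ip}:{p}" for ip, p in wifi))
    print("wired:", " -> ".join(f"{ip}:{p}" for ip, p in wired))
    print("origin of", wifi[-1], "=", attribute(wifi[-1], [VC, FW]))
```

Upstream of the VC, every magic VLAN client appears as the VC's address, so tracing a flow logged at the firewall back to a specific Wi-Fi client requires the VC's translation state as well as the firewall's.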