Controllerless Networks

Contributor I


Hi All,

I want to understand how does the NAT work in IAP?

eg: Once i bring the IAP up in my network, what network range the users will get the IP address?

once i connect the IAP to my swicth in a perticular VLAN, the IAP will use the IP address from the dhcp pool from that VLAN. then the users connecting to this IAP, what IP address they will receive, ? guess 172.16.x.x right?

how does the NAT happens and to what IP address the users will be natted?

Super Contributor I

Re: NAT in IAP

It would depend how you set your IAP up. You can tag VLANs on the port of the switch and choose to put users in that specific VLAN, you can simply leave the port untagged and place users in that VLAN, or you can NAT to the IP of the IAP from the virtual controller assigned network of
ACDX #419 | ACMP |
Super Contributor I

Re: NAT in IAP

I actually think the default VC network is Answered to hastily ;)
ACDX #419 | ACMP |
Valued Contributor II

Re: NAT in IAP

Hi Friend,


IAP will NAT the user traffic in one of the following scenario,

1. when you choose VLAN assignement as "Virtual Controller Managed"

2. When you create VPN with the controller and choose DHCP server mode as Local.


When you choose " Virtual Controller Managed " option, client will get the IP either from magic VLAN subnet (172.31.98.x/23) or from the default DHCP scope defined in the IAP.




When you are using IAP VPN, Local DHCP option, client will get IP from the DHCP pool defined under Local.



IAP always NAT( Source NAT) the user traffic with it's uplink IP address.


Hope you got some more clarity on this,


Please feel free for any query on this.

Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
New Contributor

Re: NAT in IAP

Hi Guys,

 Just need some assistance.

I just have a few questions in my and hope you can help me clear it with me.

"Since IAP has a "Virtual Controller Managed" and it does NAT the IP.

Is it possible to give public IP to the AP?""


Contributor I

Re: NAT in IAP

Is there a way to retrieve the current NAT translations from an IAP cluster/VC (show ________ )?


I'm trying to track a guest client that is sending specific traffic.

Guru Elite

Re: NAT in IAP

On the VC use "show datapath session".  Filter on the ip address of the client or the website you are looking for.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
Showing results for 
Search instead for 
Did you mean: