Wired Intelligent Edge (Campus Switching and Routing)

What are conditions to be kept in mind while setting up NAT pool in MAS?

Aruba Employee
Aruba Employee

Environment : Tested with


In order to protect private IPs of trusted servers behind MAS, traffic should be allowed to be initiated from either side. As of Release, session ACLs is supported on user-roles only. With Release, we will support session ACLs for trusted ports also.


  • Session ACL and stateless Ingress ACL cannot co-exist on an RVI.
  • Intended use of session ACL with NAT pools is for trusted ports. If there is a configuration of session ACL on RVI with untrusted ports, Session ACL on RVI takes precedence over user-role ACLs
  • The “dynamic-srcnat” pool found on the controller is not supported on MAS. 
  • Maximum user defined NAT pools is 59
  • NAT priority is; 

           i) User defined NAT via Session ACLs
           ii)NAT inside

  • NAT pool can be associated with src-nat and dual-nat option.
  • Session ACL with NAT pool applied to Ingress RVI
  • Session ACL with destination NAT rule applied to Egress RVI.
  • TRAP rule programmed in TCAM to trap packets requiring NAT action to software.
  • Case of 1:1 NAT mapping.
Version history
Revision #:
1 of 1
Last update:
‎04-09-2015 04:39 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: