Wireless Access

last person joined: 16 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Configuring NAT on a 9004 gateway

This thread has been viewed 34 times

  • 1.  Configuring NAT on a 9004 gateway

    Posted Jun 27, 2020 03:30 PM

    Hi fellow Airheads,

     

    I'm not very familiar with NAT, so I hope someone here can help me what I do wrong since it is nog working :(.

     

    My setup is a 9004 gateway as edge router, a L3 switch and a L2 switch.

    In the virtual Mobility Master I do see the NAT rule, however in the show run from my 9004 I don't see this NAT rule. This is probably the reason why it is not working. What do I wrong?

     

    See attachment with the config and topology. If there are any further questions please let me know.

     

    Thanks for looking into this,

    Mark

     

    _1-Topology.png

    _2-R1(9004GW)-Config.png

    _3-R1(9004GW)-MM.png

    _4_SW1(L3 switch).png

    _5_SW2(L2 Switch).png

         



  • 2.  RE: Configuring NAT on a 9004 gateway
    Best Answer

    EMPLOYEE
    Posted Jun 27, 2020 07:56 PM

    I cannot read all of your notes, but if you just want to NAT user traffic out of the public ip address of a controller, please see this here:  https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/nwk-params/conf-sour-nat-vlin.htm?Highlight=ip%20nat%20inside



  • 3.  RE: Configuring NAT on a 9004 gateway

    Posted Jun 28, 2020 06:06 AM

    Sorry, I was hoping that you were able to enlarge the pictures:

    I uploaded them online.

    http://raatswifi.com/download/_1-Topology.png

    http://raatswifi.com/download/_2-R1(9004GW)-Config.png

    http://raatswifi.com/download/_3-R1(9004GW)-MM.png

    http://raatswifi.com/download/_4_SW1(L3%20switch).png

    http://raatswifi.com/download/_5_SW2(L2%20Switch).png

     

    So, I do understand your inside/outside NAT article, however I've multiple VLAN's behind the inside. Do I pick VLAN 2 (my MGMT VLAN) that is the default gateway or do I need do something else?



  • 4.  RE: Configuring NAT on a 9004 gateway

    EMPLOYEE
    Posted Jun 28, 2020 06:10 AM

    I don't see a public ip address.  Even your ISP modem has a private ip address.  Which device has a public ip address?



  • 5.  RE: Configuring NAT on a 9004 gateway
    Best Answer

    EMPLOYEE
    Posted Jun 28, 2020 07:02 AM

    Since VLAN 800 on the controller gets its ip address from the router via dhcp, you should also do "ip default-gateway import dhcp" so that the controller also gets its default gateway from dhcp:  https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/1cli-commands/ip-def-gatway.htm?Highlight=default-gateway%20import  You would configure that command at the MD level of that controller.

     

    So, rereading what you have, you should have ip nat outside on VLAN 800 and ip nat inside on every  VLAN that you would want natted out of the VLAN 800 address (e.g. all of your client VLANs would need this to communicate to the internet).



  • 6.  RE: Configuring NAT on a 9004 gateway

    Posted Jun 28, 2020 04:40 PM

    Thank you, will try that tomorrow.

    My modem/ISP is also NAT, so ISP has 192.168.178.1 as internal IP address and as external the public IP address.

     

    So, I'll add the "ip default-gateway import dhcp" command and the IP NAT outside on VLAN 800 and IP NAT inside on my clients VLANs.

     

    Will let you know tomorrow if this worked



  • 7.  RE: Configuring NAT on a 9004 gateway

    Posted Jun 29, 2020 04:09 PM

    Thank you, this worked. So configure/enable the NAT outside under VLAN 800, and configure/enable NAT inside under the client VLANs.