Wireless Access

Reply
Highlighted
Occasional Contributor II

Configuring NAT on a 9004 gateway

Hi fellow Airheads,

 

I'm not very familiar with NAT, so I hope someone here can help me what I do wrong since it is nog working :(.

 

My setup is a 9004 gateway as edge router, a L3 switch and a L2 switch.

In the virtual Mobility Master I do see the NAT rule, however in the show run from my 9004 I don't see this NAT rule. This is probably the reason why it is not working. What do I wrong?

 

See attachment with the config and topology. If there are any further questions please let me know.

 

Thanks for looking into this,

Mark

 

_1-Topology.png

_2-R1(9004GW)-Config.png

_3-R1(9004GW)-MM.png

_4_SW1(L3 switch).png

_5_SW2(L2 Switch).png

     

Wi-Fi is a passion!

Accepted Solutions
Highlighted
Guru Elite

Re: Configuring NAT on a 9004 gateway

I cannot read all of your notes, but if you just want to NAT user traffic out of the public ip address of a controller, please see this here:  https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/nwk-params/conf-sour-nat-vlin.htm?Highlight=ip%20nat%20inside


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide

View solution in original post

Highlighted
Guru Elite

Re: Configuring NAT on a 9004 gateway

Since VLAN 800 on the controller gets its ip address from the router via dhcp, you should also do "ip default-gateway import dhcp" so that the controller also gets its default gateway from dhcp:  https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/1cli-commands/ip-def-gatway.htm?Highlight=default-gateway%20import  You would configure that command at the MD level of that controller.

 

So, rereading what you have, you should have ip nat outside on VLAN 800 and ip nat inside on every  VLAN that you would want natted out of the VLAN 800 address (e.g. all of your client VLANs would need this to communicate to the internet).


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide

View solution in original post


All Replies
Highlighted
Guru Elite

Re: Configuring NAT on a 9004 gateway

I cannot read all of your notes, but if you just want to NAT user traffic out of the public ip address of a controller, please see this here:  https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/nwk-params/conf-sour-nat-vlin.htm?Highlight=ip%20nat%20inside


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide

View solution in original post

Highlighted
Occasional Contributor II

Re: Configuring NAT on a 9004 gateway

Sorry, I was hoping that you were able to enlarge the pictures:

I uploaded them online.

http://raatswifi.com/download/_1-Topology.png

http://raatswifi.com/download/_2-R1(9004GW)-Config.png

http://raatswifi.com/download/_3-R1(9004GW)-MM.png

http://raatswifi.com/download/_4_SW1(L3%20switch).png

http://raatswifi.com/download/_5_SW2(L2%20Switch).png

 

So, I do understand your inside/outside NAT article, however I've multiple VLAN's behind the inside. Do I pick VLAN 2 (my MGMT VLAN) that is the default gateway or do I need do something else?

Wi-Fi is a passion!
Highlighted
Guru Elite

Re: Configuring NAT on a 9004 gateway

I don't see a public ip address.  Even your ISP modem has a private ip address.  Which device has a public ip address?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Guru Elite

Re: Configuring NAT on a 9004 gateway

Since VLAN 800 on the controller gets its ip address from the router via dhcp, you should also do "ip default-gateway import dhcp" so that the controller also gets its default gateway from dhcp:  https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/1cli-commands/ip-def-gatway.htm?Highlight=default-gateway%20import  You would configure that command at the MD level of that controller.

 

So, rereading what you have, you should have ip nat outside on VLAN 800 and ip nat inside on every  VLAN that you would want natted out of the VLAN 800 address (e.g. all of your client VLANs would need this to communicate to the internet).


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide

View solution in original post

Highlighted
Occasional Contributor II

Re: Configuring NAT on a 9004 gateway

Thank you, will try that tomorrow.

My modem/ISP is also NAT, so ISP has 192.168.178.1 as internal IP address and as external the public IP address.

 

So, I'll add the "ip default-gateway import dhcp" command and the IP NAT outside on VLAN 800 and IP NAT inside on my clients VLANs.

 

Will let you know tomorrow if this worked

Wi-Fi is a passion!
Highlighted
Occasional Contributor II

Re: Configuring NAT on a 9004 gateway

Thank you, this worked. So configure/enable the NAT outside under VLAN 800, and configure/enable NAT inside under the client VLANs.

Wi-Fi is a passion!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: