Table of Contents
Advertisement
Configuring Network Address Translation Rules
Network Address Translation (NAT) is the process of modifying network address information when packets
pass through a routing device. The routing device acts as an agent between the public (the Internet) and the
private (local network), which allows translation of private network IP addresses to a public address space.
Instant supports the NAT mechanism to allow a routing device to use the translation tables for mapping the
private addresses into a single IP address. When packets are sent from this address, they appear to originate
from the routing device. Similarly, if packets are sent to the private IP address, the destination address is
translated as per the information stored in the translation tables of the routing device.
Configuring a Source-NAT Access Rule
The source-NAT action in access rules allows the user to override the routing profile entries. For example, when
a routing profile is configured to use 0.0.0.0/0, the client traffic in L3 mode access on an SSID destined to the
corporate network is sent to the tunnel. When an access rule is configured with Source-NAT action, the users
can specify the service, protocol, or destination to which the source-NAT is applied.
You can also configure source-based routing to allow client traffic on one SSID to reach the Internet through
the corporate network, while the other SSID can be used as an alternate uplink. You can create an access rule to
perform source-NAT by using the Instant UI or the CLI.
In the Instant UI
To configure a source-NAT access rule:
1. Navigate to the WLAN wizard or the Wired settings window:
To configure access rules for a WLAN SSID, in the Network tab, click New to create a new network
l
profile or click edit to modify an existing profile.
To configure access rules for a wired profile, More > Wired. In the Wired window, click New under
l
Wired Networks to create a new network or click Edit to select an existing profile.
2. Click the Access tab.
3. To configure access rules for the network, move the slider to the Network-based access control type. To
configure access rules for user roles, move the slider to the Role-based access control type.
4. To create a new rule for the network, click New. To create an access rule for a user role, select the user role
and then click New. The New Rule window is displayed.
5. In the New Rule window, perform the following steps:
a. Select Access control from the Rule type drop-down list.
b. Select Source-NAT from the Action drop-down list, to allow for making changes to the source IP
address.
c. Select a service from the list of available services.
Default: All client traffic by default will be directed to the native vlan.
Tunnel: All network-based traffic will be directed to the VPN tunnel.
VLAN: All client based traffic will be directed to the specified uplink VLAN using the IP address of the
interface that IAP has on that VLAN. If the interface is not found, this option has no effect.
d. Select the required option from the Destination drop-down list.
e. If required, enable other parameters such as Log, Blacklist, Classify media, Disable scanning, DSCP
tag, and 802.1p priority.
f. Click OK.
6. Click Finish.
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Roles and Policies |
186
Hide quick links:
Advertisement
Table of Contents
