Dell 6.2 Server User Manual


 
121 | Network Configuration Parameters Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
default-router 10.1.1.254
dns-server import
netbios-name-server import
network 10.1.1.0 255.255.255.0
Configuring Source NAT to Dynamic VLAN Address
When a VLAN interface obtains an IP address through DHCP or PPPoE, a NAT pool (dynamic-srcnat) and a
session ACL (dynamic-session-acl) are automatically created which reference the dynamically-assigned IP addresses.
This allows you to configure policies that map private local addresses to the public address(es) provided to the
DHCP or PPPoE client. Whenever the IP address on the VLAN changes, the dynamic NAT pool address also
changes to match the new address.
For example, the following rules for a guest policy deny traffic to internal network addresses. Traffic to other
(external) destinations is source NATed to the IP address of the DHCP/PPPoE client on the controller.
In the WebUI
1. Navigate to the Configuration > Security > Access Control > Policies page. Click Add to add the policy
guest.
2. To add a rule, click Add.
a. For Source, select any.
b. For Destination, select network and enter 10.1.0.0 for Host IP and 255.255.0.0 for Mask.
c. For Service, select any.
d. For Action, select reject.
e. Click Add.
3. To add another rule, click Add.
a. Leave Source, Destination, and Service as any.
b. For Action, select src-nat.
c. For NAT Pool, select dynamic-srcnat.
d. Click Add.
4. Click Apply.
In the CLI
(host) (config) #ip access-list session guest
any network 10.1.0.0 255.255.0.0 any deny
any any any src-nat pool dynamic-srcnat
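The guest policy above depends on the deny rule coming before the catch-all src-nat rule. The following Python check is an added example, not part of the Dell/Aruba guide: it parses the two rule lines shown above, evaluates sample flows, and reports rules hidden by an earlier, broader rule. It assumes rules are evaluated top-down with the first match winning and an implicit deny at the end; the client and destination addresses in the usage are constructed.

```python
import ipaddress

# Rules copied from the page's "guest" session ACL (CLI form).
GUEST_ACL = """\
any network 10.1.0.0 255.255.0.0 any deny
any any any src-nat pool dynamic-srcnat
"""

def parse_addr(tokens):
    """Consume one source/destination spec: 'any' or 'network <ip> <mask>'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "network":
        return ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}"), tokens[3:]
    raise ValueError(f"unsupported address spec: {tokens[0]}")

def parse_acl(text):
    """Parse rule lines into (src_net, dst_net, service, action) tuples."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, rest = parse_addr(line.split())
        dst, rest = parse_addr(rest)
        rules.append((src, dst, rest[0], " ".join(rest[1:])))
    return rules

def evaluate(rules, src_ip, dst_ip):
    """Action of the first matching rule. Only the 'any' service used on
    the page is modelled, so the service field is not compared."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src, dst, _service, action in rules:
        if s in src and d in dst:
            return action
    return "deny"  # assumption: implicit deny when nothing matches

def shadowed_rules(rules):
    """Indexes of rules that an earlier, broader rule makes unreachable."""
    hidden = []
    for i, (src, dst, svc, _) in enumerate(rules):
        for psrc, pdst, psvc, _ in rules[:i]:
            if src.subnet_of(psrc) and dst.subnet_of(pdst) and psvc in ("any", svc):
                hidden.append(i)
                break
    return hidden
```

With the rules in the order shown on the page, no rule is shadowed. If the two lines are swapped, the deny rule is reported as unreachable and guest traffic to 10.1.0.0/16 is source NATed instead of blocked.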
Configuring Source NAT for VLAN Interfaces
The example configuration in the previous section illustrates how to configure source NAT using a policy that is
applied to a user role. You can also enable source NAT for a VLAN interface to cause NAT to be performed on the
source address for all traffic that exits the VLAN.
Packets that exit the VLAN are given a source IP address of the “outside” interface, which is determined by the
following:
• If you configure “private” IP addresses for the VLAN, the controller is assumed to be the default gateway for the
subnetwork. Packets that exit the VLAN are given the IP address of the controller for their source IP address.
• If the controller is forwarding the packets at Layer-3, packets that exit the VLAN are given the IP address of the
next-hop VLAN for their source IP address.