Jason - We moved our NAT functionality off the Aruba controllers to separate boxes because of some limitations in the NAT functionality in our specific architecture. We are using two different boxes/methods - one for guest users and one for authenticated users. While the Aruba NAT capability is quite good, it didn't go quite far enough for us from a routing and logging perspective.
If you are just trying t set up different NAT pools for each group traffic - that's easy. If what you are trying to do is more involved, I may be able to point you in the right direction as well. Contact me off list to discuss the particulars. >>-> Stan Brooks - CWNA/CWSP Emory University University Technology Services 404.727.0226 AIM/Y!/Twitter: WLANstan MSN: wlans...@hotmail.com<mailto:wlans...@hotmail.com> GoogleTalk: wlans...@gmail.com<mailto:wlans...@gmail.com> ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Jason Appah [jason.ap...@oit.edu] Sent: Friday, December 09, 2011 10:49 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] advice on impementations for Aruba Anyone? Jason Appah Security / Systems Administrator OIT 541-885-1719 On Dec 7, 2011, at 1:52 PM, "Jason Appah" <jason.ap...@oit.edu<mailto:jason.ap...@oit.edu>> wrote: All, We are looking to allow the private addresses of the unsecured wireless to pass through our aruba, how would we go about configuring the nat pools to accomplish this? That is the 192.168.x.x that the client is assigned to pass through the aruba on the way out to the external FW. As it stands rightnow the aruba is performing PAT on its own address for the clients behind it. the only reason why this is an issue is our aruba performs captive portal for our wired and wireless infrastructure, so it is infact the router. Any suggestions or reading? I’m not looking for the dc-daylight but more a primer on where to start.. Thanks! ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ________________________________ This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.