
Network Address Translation-Configuration

The following sections outline the configuration steps required to enable dynamic and static NAT on an RF Switch:
1) Dynamic NAT [Section 3.1]
2) Static NAT [Section 3.2]

3.1 Dynamic NAT:

Dynamic NAT is a simple way to provide Internet access for privately addressed hosts by dynamically translating private addresses to a single public IP address. This allows enterprises to provide Internet access to users without assigning internal hosts publicly routable IP addresses, which would consume valuable IPv4 address space and expose the hosts to threats.
As shown in figure 3.1, wired and WLAN clients located on management, data and guest subnets are provided with Internet access through the RF Switch using Dynamic NAT. In this example the RF Switch's internal interfaces vlan10 (management) and vlan70 (guest) have been designated as NAT Inside interfaces and the public interface vlan4094 has been designated as a NAT Outside interface.
This configuration allows the RF Switch to translate packets received on the management and guest Inside interfaces to the Outside public IP address.
In addition, a standard IP list has been created with entries that allow NAT translation only for specific wired and WLAN IP subnets. In this example the standard IP list allows the following:
1) Packets received on the management interface from local hosts in the 192.168.10.0/24 management subnet and remote hosts in the 192.168.40.0/24 data subnet will be translated.
2) Packets received on the guest interface from local hosts in the 192.168.70.0/24 guest subnet will be translated.
3) Packets received on the management interface from remote hosts in the 192.168.90.0/24 voice subnet will not be translated.
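
The translation decision described above can be modelled to check a planned ACL before it is applied. This is an added example, not part of the original page or the RF Switch software; it assumes first-match rule evaluation with an implicit deny, and the function names are hypothetical.

```python
import ipaddress

# Values from the example above; "first match wins, no match = deny" is an assumption.
INSIDE_INTERFACES = {"vlan10", "vlan70"}   # management, guest
NAT_ACL = [                                # standard IP list, in rule order
    ("permit", "192.168.10.0/24"),         # management subnet
    ("permit", "192.168.40.0/24"),         # WLAN data subnet
    ("permit", "192.168.70.0/24"),         # WLAN guest subnet
]

def acl_permits(src, acl=NAT_ACL):
    """Return True if the first rule matching the source address is a permit."""
    addr = ipaddress.ip_address(src)
    for operation, network in acl:
        if addr in ipaddress.ip_network(network):
            return operation == "permit"
    return False  # assumed implicit deny

def is_translated(in_interface, src, acl=NAT_ACL):
    """NAT applies only to ACL-permitted sources arriving on an Inside interface."""
    return in_interface in INSIDE_INTERFACES and acl_permits(src, acl)

def overly_broad(acl=NAT_ACL, min_prefix=24):
    """Hypothetical audit: list permit rules wider than the /24 subnets intended."""
    return [net for op, net in acl
            if op == "permit" and ipaddress.ip_network(net).prefixlen < min_prefix]

if __name__ == "__main__":
    # Constructed sample packets: (ingress interface, source address).
    samples = [
        ("vlan10", "192.168.10.25"),
        ("vlan10", "192.168.40.7"),
        ("vlan70", "192.168.70.100"),
        ("vlan10", "192.168.90.12"),
        ("vlan4094", "192.168.10.25"),
    ]
    for iface, src in samples:
        verdict = "translate" if is_translated(iface, src) else "no NAT"
        print(f"{iface:9} {src:15} -> {verdict}")
    print("overly broad permits:", overly_broad() or "none")
```
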

Web UI Configuration Example:
The following configuration example demonstrates how to enable dynamic NAT for Internet access for specific IP subnets using the Web UI:
1. In the menu tree select Security > NAT. Select the Interface tab then click Add.


2. In the Security > NAT > Configuration window specify the interface Type for each virtual Interface created on the RF Switch. In this example the management (vlan 10) and guest (vlan 70) virtual interfaces will be designated as Inside and the Internet (vlan 4094) virtual interface will be designated as Outside. Click OK.


3. In the menu tree select Security > Firewall. Select the Configuration tab then click Add to create an ACL to tell the RF Switch which source subnets to NAT for Internet access.


4. In the Security > Firewall > Configuration window set the ACL Type to Standard IP List. Enter a unique ACL ID then click OK.


5. In the Add Rule window create a rule for each subnet you wish to provide Internet access to. For each rule set the Operation to Permit and specify the Source Mask and Source Address. In this example the management (192.168.10.0/24), WLAN data (192.168.40.0/24) and WLAN guest (192.168.70.0/24) subnets will be permitted Internet access. Click OK after creating each rule.


6. In the menu tree select Security > NAT. Select the Dynamic Translation tab then click Add. This will create a dynamic NAT rule that translates packets received on Inside interfaces from the private addresses defined in the ACL to the public Outside Internet interface vlan4094.

7. In the Security > NAT > Configuration window set the Type to Inside. Set the Access List to the access-list ID created in step 4 and set the Interface to the public outside virtual interface vlan4094. Click OK.



8. Click Save to apply and save changes.
