WESM zl Management and Configuration Guide WT.01.28 and greater

Configuring Network Address Translation (NAT)
Planning the NAT Configuration
You want to conceal IP addresses used in your LAN from wireless users.

Separate the VLANs for wired traffic from the VLANs for wireless traffic: when you specify the uplink VLANs in which the Wireless Edge Services zl Module places traffic from WLANs, choose different VLANs from those already used in the wired network.

Next, define the wired VLANs as inside interfaces and define the wireless VLANs as outside interfaces.

Configure static destination NAT on outside traffic. Each static destination NAT definition allows you to map a global IP address and destination port to a particular address used in your internal network, typically that of network servers. Create a different NAT definition for each server in the Ethernet network that users in the wireless network must access.

Note: The Wireless Edge Services zl Module performs at most one type of NAT on a packet. Therefore, you should typically configure source NAT for either inside or outside interfaces.

For example, your internal (wired) network might use VLAN 2, and the module might perform dynamic source NAT on all traffic from that VLAN, translating the addresses used on the Ethernet network to the module’s address on the wireless network. You might also configure static destination NAT for wireless traffic destined to certain wired servers.

Configuring dynamic NAT for wireless traffic would have no effect on traffic destined to the wired resources: when the module translates an outside packet’s destination address, it does not apply dynamic NAT.

Because wireless traffic enters the Ethernet network with its source address unchanged, the Ethernet infrastructure devices must know routes to the subnetwork for wireless traffic.
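
The plan above can be checked on paper before it is configured. The following Python model is an added example, not code from the guide or the module: it applies the "at most one type of NAT per packet" rule to the first packet of a flow and tests whether the wired side has a return route. VLAN 20 and all IP addresses, ports and mappings are constructed assumptions; only VLAN 2 comes from the guide's example.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed sample plan: only VLAN 2 (wired) is taken from the guide's example.
INSIDE_VLANS = {2}                    # wired VLAN, defined as an inside interface
OUTSIDE_VLANS = {20}                  # assumed wireless uplink VLAN (outside)
MODULE_WIRELESS_IP = "192.168.20.1"   # assumed module address on the wireless side

# Static destination NAT, one definition per wired server:
# (global IP, destination port) seen by wireless users -> internal server.
STATIC_DNAT = {
    ("192.168.20.1", 80): ("10.2.0.10", 80),
    ("192.168.20.1", 25): ("10.2.0.25", 25),
}

@dataclass(frozen=True)
class Packet:
    in_vlan: int
    src: str
    dst: str
    dport: int

def translate(pkt):
    """Model address translation only (no filtering, no connection state).

    Returns (packet, nat_type); at most one type of NAT is applied.
    """
    if pkt.in_vlan in OUTSIDE_VLANS:
        # Outside traffic: static destination NAT. Once the destination is
        # translated, dynamic source NAT is not applied to the same packet.
        hit = STATIC_DNAT.get((pkt.dst, pkt.dport))
        if hit:
            return replace(pkt, dst=hit[0], dport=hit[1]), "static-destination"
        return pkt, "none"
    if pkt.in_vlan in INSIDE_VLANS:
        # Inside traffic: wired source address is hidden behind the module.
        return replace(pkt, src=MODULE_WIRELESS_IP), "dynamic-source"
    return pkt, "none"

def wired_can_reply(pkt, wired_routes):
    """True if the wired infrastructure has a route back to the packet's source."""
    return any(ip_address(pkt.src) in ip_network(r) for r in wired_routes)
```

A wireless client's packet to `192.168.20.1:80` comes out with the server's internal destination but the client's original source, so `wired_can_reply` is false until the wired routers carry a route to the wireless subnetwork.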