Manualshelf

WESM zl Management and Configuration Guide WT.01.28 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
581582583584585586587588589590
8-21
Configuring Network Address Translation (NAT)
Configuring NAT
The full procedure for adding rules to ACLs is documented in Chapter 7: “Access
Control Lists (ACLs).” The following rule guidelines apply to ACLs used for NAT:
In the Operation field, the permit operation means that traffic will be subject to
NAT; the deny operation means that traffic will not be subject to NAT. (The mark
operation does not apply to NAT.)
The entries in the Filters area specify the source IP address or range of source
IP addresses for which NAT will be either permitted or denied. (The Wlan Index
entry is optional.)
For example, to NAT all traffic that arrives from the wireless network, you would set
up a “permit any” rule. Or, to NAT all traffic from a particular subnet, the rule would
specify the subnet’s IP address and subnet mask. For example, you might have
mapped a particular WLAN to a VLAN, and then set up a DHCP pool for that VLAN
on the Wireless Edge Services zl Module. To apply NAT to all of the wireless stations
that have been assigned addresses in that VLAN, specify the VLAN’s subnet IP
address and mask.
After you have created ACLs and added rules to them, you can select those ACLs
when you set up NATs using dynamic translation. (See “Configuring Dynamic NAT”
on page 8-24.)
Configuring NAT
To configure NAT, follow these steps:
1. Enable routing.
See “IP Routing” on page 6-12 of Chapter 6: “IP Services—IP Settings, DHCP,
and DNS.”
2. Define interfaces as inside or outside interfaces.
When you create a NAT definition, you will select whether this definition applies
to inside or outside traffic. To do so, you must know which Wireless Edge
Services zl Module interfaces connect to inside networks and which to outside
networks. See “Defining Interfaces as Outside or Inside” on page 8-22.
3. Configure one or both types of NATs:
Dynamic translation—based on ACLs, which permit or deny NAT based
on IP addresses; as the ACL configuration changes, the NAT configuration
changes as well.