WESM zl Management and Configuration Guide WT.01.XX and greater

Introduction
ProCurve Wireless Edge Services zl Module
Uses for NAT. Typically, NAT works at the interface between two networks
controlled by separate entities. For example, you are probably familiar with
how NAT functions on the Internet. The NAT device sits between your private
network and the Internet. It intercepts packets sent from the private network
to the Internet, changing all private source addresses to a single public IP
address that is known on the Internet. If hosts on the Internet need to access
a device in your private network, such as a Web server, the NAT device
performs destination NAT in the other direction, translating traffic destined
for the publicly known IP address to the correct private IP address.
The Wireless Edge Services zl Module performs NAT in much the same way,
and you can use the module to ready traffic for transmission on the Internet.
Other typical uses include:
- isolating wireless and wired traffic and preserving IP addresses

  You should guard the threshold between the wireless and wired network
  rigorously. As mentioned before, one of the best ways to protect the wired
  network is to create VLANs specifically for wireless traffic. The module
  can handle all necessary functions for those VLANs, including DHCP
  services and routing.

  The module should also perform dynamic source NAT on addresses in
  the VLAN for wireless users, translating all wireless stations' IP
  addresses to its own IP address on the wired network. This step ensures
  that, even though the VLAN for wireless users does not exist in the wired
  network, return traffic finds its way to the module and back onto the
  wireless network.

  Another benefit of using dynamic source NAT on wireless traffic is that
  the wireless stations do not consume IP addresses in the wired network.
  They all share a single IP address on the wired network—the IP address
  of the Wireless Edge Services zl Module.

- concealing IP addresses in the private, wired network from wireless users

  You can configure the Wireless Edge Services zl Module to translate the
  source IP addresses of traffic that originates on your private, wired
  network. To allow access to specific private servers, you must also
  configure destination NAT, which translates the IP address advertised in
  the wireless network back to the private address on the wired network.

- relaying traffic destined for a particular server to a different server

  For example, wireless stations might send requests to one server on the
  Internet, but you want to force the stations to communicate with a
  different server. In this case, you configure static destination NAT to
  translate packets destined to the first server to the server of your choice.
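
The dynamic source NAT and static destination NAT behaviors described above can be traced with a small model. This is an added example, not code or configuration from the guide or the module. The NatModel class, the addresses, and the use of translated source ports to tell stations apart are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

class NatModel:
    """Toy model (not the module's implementation) of the NAT uses described above."""

    def __init__(self, wired_ip, wireless_net, first_port=20000):
        self.wired_ip = wired_ip                  # module's address on the wired network
        self.wireless_net = ip_network(wireless_net)
        self.next_port = first_port               # assumption: flows are told apart by port
        self.flows = {}                           # original flow -> translated source port
        self.reverse = {}                         # translated source port -> original flow
        self.static_dnat = {}                     # (dst_ip, dst_port) -> (new_ip, new_port)

    def wireless_to_wired(self, src, sport, dst, dport):
        """Translate a packet leaving the wireless VLAN; returns it as seen on the wire."""
        if ip_address(src) not in self.wireless_net:
            raise ValueError("source is not in the wireless VLAN")
        flow = (src, sport, dst, dport)
        if flow not in self.flows:                # dynamic source NAT: allocate on first packet
            self.flows[flow] = self.next_port
            self.reverse[self.next_port] = flow
            self.next_port += 1
        new_dst, new_dport = self.static_dnat.get((dst, dport), (dst, dport))
        return (self.wired_ip, self.flows[flow], new_dst, new_dport)

    def wired_to_wireless(self, src, sport, dst, dport):
        """Translate return traffic; None means no mapping exists, so the packet is dropped."""
        flow = self.reverse.get(dport) if dst == self.wired_ip else None
        if flow is None:
            return None
        st_ip, st_port, orig_dst, orig_dport = flow
        expected = self.static_dnat.get((orig_dst, orig_dport), (orig_dst, orig_dport))
        if (src, sport) != expected:              # modeling choice: only the flow's peer may reply
            return None
        # Undo both translations: the station sees the server it originally addressed.
        return (orig_dst, orig_dport, st_ip, st_port)

# Constructed sample addresses, not taken from the guide.
nat = NatModel(wired_ip="10.1.1.5", wireless_net="192.168.50.0/24")
nat.static_dnat[("198.51.100.10", 80)] = ("10.1.1.80", 80)   # relay to a different server

if __name__ == "__main__":
    print(nat.wireless_to_wired("192.168.50.11", 40000, "203.0.113.7", 443))
    print(nat.wireless_to_wired("192.168.50.12", 40000, "203.0.113.7", 443))
    print(nat.wired_to_wireless("203.0.113.7", 443, "10.1.1.5", 20001))
    print(nat.wired_to_wireless("203.0.113.7", 443, "10.1.1.5", 20999))  # None: unsolicited
```

Both stations leave with the module's wired address, and a wired-side packet that matches no recorded flow has no station to be delivered to.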