Anybody have a guide on setting up NAT on the APs?

  • 1
  • Question
  • Updated 5 years ago
  • Answered
Trying to configure NAT on an AP121 for a small hotspot, but not as easy as I expected. Anybody have tips or an actual guide from Aerohive?
Photo of Hawaiian_AirPHY

Hawaiian_AirPHY

  • 7 Posts
  • 1 Reply Like

Posted 5 years ago

  • 1
Photo of Brian Powers

Brian Powers, Champ

  • 396 Posts
  • 92 Reply Likes
If you're interested in using the AP to act as the DHCP server for the hotspot, it would go something like the following... (I received this setup from Aerohive Support long ago. If you have multiple APs, the latter steps will need to be done to each AP.)

1.) Create SSID



2.) Create User Profile (assign it to a separate VLAN as it will be NAT'd and will essentially look as if its coming from the IP assigned to the AP.)

3.) Create Firewall Policy for users (used to NAT traffic) Pay close attention to which services are NAT'd. And assign policy to User Profile.



4.) Create a DHCP Server for said hotspot clients.



5.) Add DHCP service to AP(s) that would be acting as DHCP servers for hotspot clients.



6.) Push configs out to APs.

This should allow the AP(s) to act as DHCP servers for clients on the same VLAN that the DHCP server and User Profile are set to and force all traffic from those clients to be NAT'd through the AP.
Photo of Hawaiian_AirPHY

Hawaiian_AirPHY

  • 7 Posts
  • 1 Reply Like
Thanks Brian! I'll give this a try.
Photo of Brian Powers

Brian Powers, Champ

  • 396 Posts
  • 92 Reply Likes
Yup. Let me know if it give you an issue and I'll run through the process from scratch myself to see what step I missed. But I think its all there!
Photo of Hawaiian_AirPHY

Hawaiian_AirPHY

  • 7 Posts
  • 1 Reply Like
I got the DHCP assigning out correctly to the clients, but I don't know if it's NAT'ing the traffic. Which outside address gets NAT'd, the one on MGT0/WAN IP address?
Photo of Hawaiian_AirPHY

Hawaiian_AirPHY

  • 7 Posts
  • 1 Reply Like
Brian - figured out my error. My AP121 is sitting behind another router giving our an RFC1918 address space. Had to change some things around on my router but looks like it's working. Thanks!