Override Bridge NAT Configuration

About this task

Use Bridge NAT to manage internet traffic originating at a remote site. In addition to traditional NAT functionality, Bridge NAT provides a means of configuring NAT for bridged traffic through an access point. NAT rules are applied to bridged traffic through the access point, and matching packets are NATed to the WAN link instead of being bridged on their way to the router.

Using Bridge NAT, a tunneled VLAN (extended VLAN) is created between the NoC and a remote location. When a remote client needs to access the internet, internet traffic is routed to the NoC, and from there routed to the internet. This increases the access time for the end user on the client.

To resolve latency issues, Bridge NAT identifies and segregates traffic heading towards the NoC and outwards towards the internet. Traffic towards the NoC is allowed over the secure tunnel. Traffic towards the internet is switched to a local WLAN link with access to the internet.

To define a NAT configuration or override that can be applied to a profile:

Procedure

  1. Select Configuration → Devices from the web UI.
    The Device Configuration screen displays a list of managed devices or peer controllers, service platforms, or access points.
  2. Select a target device in the lower left-hand side of the UI.
    You can also select a target device by double-clicking it in the list in the Device Configuration screen.
  3. Select Profile Overrides → Security.
  4. Select Bridge NAT.
    Note

    A blue override icon (to the left of a parameter) indicates that the parameter has an override applied. To remove an override, go to the Basic Configuration section of the device and click Clear Overrides. This removes all overrides from the device.
    Profile Overrides - Security - Bridge NAT Screen
  5. Refer to the following Bridge NAT settings to determine whether a new bridge NAT configuration needs to be created, or whether an existing one can be edited or deleted:
    Access List: Lists the ACL applying IP address access/deny permission rules to the Bridge NAT configuration.
    Interface: Lists the communication medium (outgoing layer 3 interface) between source and destination points. This is either the access point's pppoe1 or wwan1 interface or the VLAN used as the redirection interface between the source and destination.
    NAT Pool: Lists the names of existing NAT pools used with the bridge NAT configuration. This displays only when Overload Type is NAT Pool.
    Overload IP: Lists the IP address used to represent a large number of local addresses for this configuration.
    Overload Type: Define the overload type utilized when several internal addresses are NATed to only one or a few external addresses. Select NAT Pool, One Global Address, or Interface IP Address.
    ACL Precedence: Lists the administrator-assigned priority set for the ACL. The lower the value listed, the higher the priority assigned to these ACL rules.
  6. Click Add to create a new bridge VLAN configuration, Edit to modify or override an existing configuration, or Delete to permanently remove a configuration.
    Profile Security - Dynamic NAT - Screen
  7. Select the ACL whose IP rules are applied to the policy-based forwarding rule.
    You can define a new ACL by clicking the Create icon, or you can modify an existing set of IP ACL rules by clicking the Edit icon.
  8. Use the IP Address Range table to configure IP addresses and address ranges that can be used to access the internet.
    ACL Precedence: Set the priority (from 1 - 5000) for the ACL. The lower the value, the higher the priority assigned to these ACL rules.
    Interface: Select the outgoing Layer 3 interface on which traffic is redirected. The interface can be an access point wwan or pppoe interface. Traffic can also be redirected to a designated VLAN.
    NAT Pool: Displays the NAT pool used by this bridge NAT entry. A value is displayed only when Overload Type has been set to NAT Pool.
    Overload IP: Lists the IP address used to represent a large number of local addresses for this configuration.
    Overload Type: Define the overload type utilized when several internal addresses are NATed to only one or a few external addresses. Select NAT Pool, One Global Address, or Interface IP Address. Interface IP Address is the default setting.

  9. Click + Add Row to set the interface, overload, and NAT pool settings for the bridge NAT configuration.
    Security Source Dynamic NAT Screen
  10. Click OK to save the changes.
    Click Reset to revert to the last saved configuration.
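
The following Python is an added example, not part of the original documentation or the product's own code. It checks a planned set of bridge NAT entries for consistency and shows which destinations would be NATed to a local interface and which would stay on the tunneled VLAN. The names BridgeNatEntry, validate and egress, the ACL name, the sample addresses, and the evaluation model (entries tried in precedence order, first matching ACL rule decides, a deny falls through to the next entry) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

OVERLOAD_TYPES = ("NAT Pool", "One Global Address", "Interface IP Address")

@dataclass
class BridgeNatEntry:
    acl: str
    precedence: int                              # page: 1 - 5000, lower value wins
    interface: str                               # pppoe1, wwan1 or a VLAN
    overload_type: str = "Interface IP Address"  # page: default setting
    nat_pool: str = ""
    overload_ip: str = ""

def validate(e):
    """Return a list of problems with one entry (empty list = consistent)."""
    problems = []
    if not 1 <= e.precedence <= 5000:
        problems.append("precedence outside 1 - 5000")
    if e.overload_type not in OVERLOAD_TYPES:
        problems.append("unknown overload type")
    if (e.overload_type == "NAT Pool") != bool(e.nat_pool):
        problems.append("NAT pool goes only with overload type NAT Pool")
    if e.overload_type == "One Global Address" and not e.overload_ip:
        problems.append("One Global Address needs an overload IP")  # assumption
    return problems

def egress(entries, acls, dst):
    """Assumed model: try entries in precedence order; the first ACL rule that
    matches dst decides that entry. Permit means NAT to the entry's interface."""
    addr = ipaddress.ip_address(dst)
    for e in sorted(entries, key=lambda entry: entry.precedence):
        for action, net in acls[e.acl]:
            if addr in ipaddress.ip_network(net):
                if action == "permit":
                    return "nat:" + e.interface
                break  # explicit deny: this entry does not NAT the packet
    return "bridged"   # no entry permitted it: stays on the tunneled VLAN

# Constructed sample: 10.0.0.0/8 (towards the NoC) stays in the tunnel,
# everything else breaks out locally, pppoe1 preferred over wwan1.
ACLS = {"internet-only": [("deny", "10.0.0.0/8"), ("permit", "0.0.0.0/0")]}
ENTRIES = [
    BridgeNatEntry("internet-only", 200, "wwan1"),
    BridgeNatEntry("internet-only", 100, "pppoe1"),
]
```

Running egress over the destinations a site is expected to reach, before applying the override, shows which traffic leaves the secure tunnel.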