Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

53-1003100-01
Set or override the following to define the Dynamic NAT configuration:

Source List ACL
Use the drop-down menu to select an ACL name to define the packet selection criteria for NAT. NAT
is applied only on packets which match a rule defined in the access-list. These addresses (once
translated) will not be exposed to the outside world when the translation address is used to interact
with the remote destination.

Network
Select Inside or Outside NAT as the network direction for the dynamic NAT configuration. Inside is
the default setting.

ACL Precedence
Set the priority (from 1-5000) for the source list ACL. The lower the value, the higher the priority
assigned to the ACL rule.

Interface
Select the VLAN (from 1 - 4094) or WWAN used as the communication medium between the source
and destination points within the NAT configuration. Ensure the VLAN selected adequately supports
the intended network traffic within the NAT supported configuration.

Overload Type
Define the overload type utilized when several internal addresses are NATed to only one or a few
external addresses. Options include NAT Pool, One Global Address and Interface IP Address.
Interface IP Address is the default setting.

NAT Pool
Provide the name of an existing NAT pool for use with the dynamic NAT configuration.

Overload IP
If One Global IP Address is selected as the Overload Type, define an IP address used as a filter address
for the IP ACL rule.

Select OK to save the changes or overrides made to the dynamic NAT configuration. Select Reset to
revert to the last saved configuration.

Overriding the Profile’s Bridge NAT Configuration
Profile Security Configuration

Use Bridge NAT to manage Internet traffic originating at a remote site. In addition to traditional NAT
functionality, Bridge NAT provides a means of configuring NAT for bridged traffic through an access
point. NAT rules are applied to bridged traffic through the access point, and matching packets are
NATed to the WAN link instead of being bridged on their way to the router.

Using Bridge NAT, a tunneled VLAN (extended VLAN) is created between the NoC and a remote
location. When a remote client needs to access the Internet, Internet traffic is routed to the NoC,
and from there routed to the Internet. This increases the access time for the end user on the client.

To resolve latency issues, Bridge NAT identifies and segregates traffic heading towards the NoC and
outwards towards the Internet. Traffic towards the NoC is allowed over the secure tunnel. Traffic
towards the Internet is switched to a local WLAN link with access to the Internet.

NOTE
Bridge NAT supports single AP deployments only. This feature cannot be used in a branch
deployment with multiple access points.

To define a Bridge NAT configuration that can be applied to a profile:
1. Select the Configuration tab from the Web UI.
2. Select Devices.
3. Select Device Overrides from the options on the left-hand side of the UI.
4. Expand the Security menu and select Bridge NAT.
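
The following Python model is an added example, not part of the Brocade guide. It reproduces the split described for Bridge NAT (packets matching a source list ACL are NATed to a local interface, everything else stays on the tunnel to the NoC) and enforces the ACL Precedence and Interface ranges given on this page. The class and function names, the sample addresses, and the first-match ACL semantics with a default deny are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NatRule:             # hypothetical model of one NAT rule row
    name: str              # Source List ACL name (constructed)
    acl: list              # ordered (action, destination CIDR) entries
    precedence: int        # ACL Precedence: 1-5000, lower value = higher priority
    interface: str         # "wwan" or "vlan<N>" with N in 1-4094

def validate(rule):
    """Reject values outside the ranges the guide gives for these fields."""
    if not 1 <= rule.precedence <= 5000:
        raise ValueError(f"{rule.name}: precedence {rule.precedence} not in 1-5000")
    if rule.interface != "wwan":
        vlan = rule.interface[4:] if rule.interface.startswith("vlan") else ""
        if not (vlan.isdigit() and 1 <= int(vlan) <= 4094):
            raise ValueError(f"{rule.name}: bad interface {rule.interface!r}")

def acl_permits(acl, dst):
    """Assumed semantics: the first matching entry decides; no match means deny."""
    addr = ipaddress.ip_address(dst)
    for action, cidr in acl:
        if addr in ipaddress.ip_network(cidr):
            return action == "permit"
    return False

def forward(dst, rules):
    """Return ('nat', interface, acl name) or ('tunnel', None, None)."""
    for rule in sorted(rules, key=lambda r: r.precedence):
        validate(rule)
        if acl_permits(rule.acl, dst):
            return ("nat", rule.interface, rule.name)
    return ("tunnel", None, None)   # not selected for NAT: bridged to the NoC

def local_breakout(dsts, rules):
    """Destinations that leave through a local interface instead of the tunnel."""
    return [d for d in dsts if forward(d, rules)[0] == "nat"]

# Constructed sample: 10.0.0.0/8 stands in for the NoC-side networks.
RULES = [
    NatRule("internet-breakout",
            [("deny", "10.0.0.0/8"), ("permit", "0.0.0.0/0")], 20, "vlan10"),
    NatRule("partner-net", [("permit", "198.51.100.0/24")], 10, "wwan"),
]

if __name__ == "__main__":
    for dst in ("10.1.2.3", "198.51.100.7", "93.184.216.34"):
        print(dst, forward(dst, RULES))
```

Running local_breakout over the destinations a site is expected to reach lists the flows that would use the local link rather than the NoC tunnel.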