Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 228 Access Points

191

192

193

194

195

196

197

198

199

200

In the CLI

To configure source NAT access rule:

(Instant AP)(config)# wlan access-rule <access_rule>

(Instant AP)(Access Rule "<access_rule>")# rule <dest> <mask> <match> <protocol> <sport>

<eport> src-nat

(Instant AP)(Access Rule "<access_rule>")# end

(Instant AP)# commit apply

Configuring Source-Based Routing

To allow different forwarding policies for different SSIDs, you can configure source-based routing. The source-

based routing configuration overrides the routing profile configuration and allows any destination or service to

be configured to have direct access to the Internet (bypassing VPN tunnel) based on the ACL rule definition.

When source-based routing is enabled, the Virtual Controller performs source NATby using its uplink IP

address.

To configure source-based routing:

1. Ensure that an L3 subnet with the netmask, gateway, VLAN, and IP address is configured. For more

information on configuring L3 subnet, see Configuring L3-Mobility on page 330.

2. Ensure that the source IP address is associated with the IP address configured for the L3 subnet.

3. Create an access rule for the SSID profile with Source NAT action as described in Configuring Source-Based

Routing on page 193. The source NAT pool is configured and source based routing entry is created.

Configuring a Destination NAT Access Rule

Instant supports configuration of the destination NAT rule, which can be used to redirect traffic to the specified

IP address and destination port. Destination-NAT configuration is supported only in the bridge mode without

VPN.

You can configure a destination-NAT access rule by using the Instant UI or CLI.

In the Instant UI

To configure a destination NAT access rule:

1. Navigate to the WLAN wizard or Wired settings window:

l To configure access rules for a WLANSSID, in the Network tab, click New to create a new network

profile or edit to modify an existing profile.

l To configure access rules for a wired profile, More > Wired. In the Wired window, click New under

Wired Networks to create a new network or click Edit to select an existing profile.

2. Click the Access tab and perform any of the following steps:

l To configure access rules for the network, slide to Network-based.

l To configure access rules for user roles, slide to Role-based.

3. To create a new rule for the network, click New. To create an access rule for a user role, select the user role

and then click New. The New Rule window is displayed.

4. In the New Rule window, perform the following steps:

a. Select Access control from the Rule type drop-down list.

b. Select destination-NAT from the Action drop-down list, to allow changes to the source IP address.

c. Specify the IP address and port details.

d. Select a service from the list of available services.

e. Select the required option from the Destination drop-down list.

Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide Roles and Policies | 193