Multi-nets NAT vs. ePilot E400 separating groups of users on different SSIDs in enterprise

I am trying to use the E400 in an enterprise remote division/office, where there is a need to provide wireless access for guests and for groups of company workers, without any possibility of communication between these groups; however, all should have access to the Internet. This application requires so-called multi-nets NAT at least.

The E400 can have up to 16 WLANs, i.e. 16 different SSIDs. Each WLAN is assigned one VLAN with values 1-4096, and inside each such VLAN a separate NAT can be configured. This means there are multiple NATs on the E400. All these VLANs appear on the Ethernet port configured as TRUNK, which means, I suppose, that the traffic from each VLAN is tagged. Hence we need external networking equipment which will appropriately route the traffic between these VLANs and the Internet, and block any traffic between these VLANs, right?

On the other hand, for the same purpose there is a solution available from competitors, which has a much less advanced radio inside, but does all that is needed for the same application at almost the same price as the E400. I mean the TP-ER604W from TP-Link. As far as I know this TP-Link product is not cloud manageable, but I strongly want to have it under cnMaestro.

Does anyone know whether any trick is possible on the E400 to have multi-nets NAT and VLAN separation, but with the Ethernet port untagged, being the WAN access to the Internet? The manual for the E400 is mostly a text document, without explanations, drawings and application examples, which in turn raises doubts about the effect of combining some settings in the configuration.

This is easily doable.

You will need external equipment to route all traffic to the Internet when you are not NATing these VLAN interfaces.

But when you NAT them, the E400 Ethernet (WAN side) will translate them and send it out. So here you can keep different VLANs, NAT them, and Ethernet will send it out from all interfaces.

No need to do trunk configuration; keep the default access port configuration on Ethernet.

The only problem you may see is that with this config, ping from VLAN A might go to VLAN B, and the trick which I will suggest to you for this is to use an IP-based ACL rule.

Configure them in the WLAN configuration and deny traffic from the 192.68.2.0 subnet to the 192.168.3.0 subnet (example).
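
An added example, not part of the original posts and not E400 configuration syntax: a Python check that a set of subnet-to-subnet deny rules of the kind suggested above covers both directions between every pair of NATed WLAN subnets. The WLAN names, subnets and the generic (source, destination) rule notation are constructed assumptions.

```python
"""Audit subnet-to-subnet deny rules for full isolation between NATed WLAN subnets."""
from ipaddress import ip_network
from itertools import combinations, permutations

# Constructed sample: one NATed subnet per WLAN/VLAN (names and ranges are assumptions).
WLAN_SUBNETS = {
    "guest": "192.168.2.0/24",
    "staff": "192.168.3.0/24",
    "ops": "192.168.4.0/24",
}

# Constructed deny rules as (source, destination); generic notation, not device syntax.
DENY_RULES = [
    ("192.168.2.0/24", "192.168.3.0/24"),  # guest -> staff
    ("192.168.3.0/24", "192.168.2.0/24"),  # staff -> guest
    ("192.168.2.0/23", "192.168.4.0/24"),  # guest and staff -> ops (supernet source)
    ("192.168.4.0/24", "192.168.2.0/24"),  # ops -> guest
]                                          # ops -> staff was forgotten


def overlapping_subnets(subnets):
    """Return WLAN pairs whose address ranges overlap (isolation rules cannot tell them apart)."""
    nets = {name: ip_network(cidr) for name, cidr in subnets.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def uncovered_pairs(subnets, rules):
    """Return ordered (src, dst) WLAN pairs that no deny rule fully covers.

    A rule covers a pair when the whole source subnet lies inside the rule's
    source range and the whole destination subnet inside its destination range.
    """
    nets = {name: ip_network(cidr) for name, cidr in subnets.items()}
    parsed = [(ip_network(src), ip_network(dst)) for src, dst in rules]
    gaps = []
    for src, dst in permutations(sorted(nets), 2):
        if not any(nets[src].subnet_of(rs) and nets[dst].subnet_of(rd)
                   for rs, rd in parsed):
            gaps.append((src, dst))
    return gaps


if __name__ == "__main__":
    n = len(WLAN_SUBNETS)
    print(f"{n} WLANs need {n * (n - 1)} directed pairs denied")
    print("overlapping subnets:", overlapping_subnets(WLAN_SUBNETS))
    for src, dst in uncovered_pairs(WLAN_SUBNETS, DENY_RULES):
        print(f"GAP: {src} ({WLAN_SUBNETS[src]}) can still reach {dst} ({WLAN_SUBNETS[dst]})")
```

With N WLANs there are N*(N-1) directed pairs to deny, so at the 16-WLAN maximum mentioned in the question that is 240 directions to account for, either one by one or with wider ranges.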

Hello there,

I am also trying to use this concept, but with only 1 x NAT with the DHCP services, and this can be achieved locally.

In my case I want to deploy the NAT and DHCP on the cnMaestro cloud, but is this possible? I cannot find the NAT option on the WLAN in cnMaestro cloud.

Thanks

Stephen

Hi,

DHCP server and NAT functions are supported only on the access point, not on cnMaestro (either the cloud or the on-premises version). If you need help configuring NAT and the DHCP server, we shall be able to help.