MR.S wrote

  @W38122077 

 

If you don't have NAT, you have to route, you have to set up a route to the LAN to the router that you have disabled NAT on, otherwise the ISP router won't find the LAN.

 

On the ISP router you must enter such a route to the router on which NAT is disabled 172.16.222.6 is WAN interface to ER605 where nat is disabled

 

 

  @MR.S 

Well that definitely isnt covered in the guide I found at:

https://community.tp-link.com/en/business/forum/topic/702254

I dont have the ability to add a route on the ISP device.  I thought this would be more equivalent to an IP-PassThrough or to transparent-bridge disable NAT functions on other comparable devices from other vendors.  This doesnt look like it will necessarily fit the use case I have at a couple sites that are stuck behind double-NAT when an omada router is in place?

  @W38122077 

The guide is absolutely correct, it explains how to disable NAT, when NAT is disabled you have a router that then must have some manual routing. Talk to your ISP provider to see if they can add routes to your LAN if you can't log into the router yourself to do this.

  @Clive_A 

Dude, as much as j respect the workload you are all under looking after a massive chunk of the forum and answering the same questions over and over I dont think a response like this is particularly helpful or respectful.

He was just asking a genuine question as the documentation isn't particularly clear on what you actually have to do, and he has already been given good, respectful help on the matter from Mr S

  @W38122077 

To be fair, my understanding if this function was more like a lan wide DMZ or one to one Nat for an entire vlan

So if you disable Nat, does it not enable some sort of internal default route for the target lan to the wan ?

  @Clive_A 

I understand it m,ust be frustrating for you getting asked questions you think you have already answered, either in a guide or in forum threads, probably many times over.

But, please remember,, We - "The Users" did not write the firmware, are not the dev team and do not necessarily have access to the same scope of testing lab / equipment that you do.  We cannot be expected to know every little detail of a feature that is new, recently introduced, and has.....somewhat unclear or incomplete documentation.  Definitely sometimes there seems to be a bit of a language barrier and we users, as a whole, seem to be very patient and understand of all of this, so please cut us some slack when a question is politely asked.

When i post a question, comment or Bug report, i try to include as much detail as i possibly can, and always follow up with support email from the rest of the team.  I understand this is important for you to know the full context of it, and I hope you find my posts, comments or questions useful.  Just, cut other people some slack, not everyone is as experienced or knowledgeable about everything!

As for the SD-WAN guide, i figured that would be the case since the feature is brand new and not even on a general release firmware yet (either controller or router) - so i wasnt chasing, and I am not annoyed by the delay.  I was simply asking for better information / guide / instructions on it.  I am happy to wait.

Clive_A wrote

Hi @W38122077 

Thanks for posting in our business forum.

W38122077 wrote

MR.S wrote

W38122077 wrote

Clive_A wrote

Hi @W38122077 

Thanks for posting in our business forum.

W38122077 wrote

  @Clive_A 

 

Is there a guide for how to properly do the "Disable NAT" feature when being used with a controller?  I feel like I have to be doing something incorrectly because as soon as I try to implement, it takes down the whole network due to IP conflicts with the device in front of it.  I've gone as far to reset it and go standalone mode, but as soon as I try to add it to the controller is keeps picking up the x.x.x.1 and conflicting with the other router.

Got a guide in standalone. It should be the same for the controller mode.

  @Clive_A 

 

Yeah, I saw it.  It didn't work.  So I reset to standalone and tried readopting, then disabling NAT.  That didn't work, so I'm back to having just reset to standalone mode and trying to figure out next steps before adding it again...

  @W38122077 

 

 

 

What didn't work? You have to remember that when you disable NAT, NAT is gone and you have to set up routing manually on the routers.

 

 

  @MR.S 

basically my network goes down.  the omada router retains the x.x.x.1 IP and that appears to conflict with ISP router.  what do you mean set up routing manually?  that isnt referenced in the standalone guide at:

https://community.tp-link.com/en/business/forum/topic/702254

Cringe... So, when they and maybe you are one of the users who strongly requested Disable NAT, now we have implemented it and proposed a guide on how to disable it. The steps and config thinking are the same. Problems are back to us which is we did not inform you what would happen after disabling the NAT.

Argh... So, here's what will happen, when you disable the NAT, the router will not translate its IP. It will be exposed to the public network and you may be need to manually route it. Before you disable it, everything is routed to the router and the router translates and routes it.

 

I don't really understand it now. When they requested it, and now you or they don't know how to use it and under what situation you should implement it. This is really awkward.

 

I recall everyone who strongly requested the disable NAT comes from Europe. Why do they need it? Because of their ISP issues and they want to bypass the double-NAT and the following problems.

Yep, I did not recall it wrong, the very original thread they started: https://community.tp-link.com/en/business/forum/topic/599954

🤣 That's why they need it. So, what would be your scenario? Maybe it is even wrong to disable NAT for your use case.

 

About the guide in controller mode, will see what I can do with the guide. Will review it later. It's basically the same steps. But in a different format.

  @Clive_A 

I've spent the better part of this day trying to figure out an appropriate response to "Cringe..."

I didnt strongly request it, but I was highly interested in it when i saw it was coming.  For the life of me, I don't understand how "Cringe" is an appropriate response to asking if there was a configuration guide.  But you do you.  That's enough "cringe" for me.

I figure it out on my own.  Great "community" support...

  @MR.S 

I have been testing the disable NAT (and i think my test setup is somewhat similar to yours

Scenario

MODEM > ER7206 > ER8411 (wan 6)
(ignoring other vlans i have policy routed to other WANs on the ER8411 and concentrating on testing vlan 20 which is policy routed to WAN 6, fed from the 7206 v2 LAN 3)


Disabling NAT on vlan 20 IP range 192.168.100.0/24 on the ER8411 results in no internet to that vlan - correct
Enable Route on ER7206 192.168.100.0/24 hop 10.253.253.253 (WAN 6 IP on ER8411) - internet now working on vlan 20 - correct

With no disable NAT settings on either router, i of course have double nat on vlan 20 - correct

ER7206 is configured that 10.253.253.253 (er8411 wan 6)  is One-to-One NAT to an unused one of my public IPs towards the router. x.x.x.93
Without disable NAT anywhere, vlan 20 has a public IP of x.x.x.93 as defined by my one-to-one nat - correct

WITH the disable nat - vlan 20 has public IP of the "native" WAN port of the er7206 x.x.x.92  -  I am not sure if this is correct or not.  Since the traffic from the 8411 is still coming from its WAN IP, shouldnt the one-to-one NAT still take effect to change its public IP ?

Im struggling to find a use case for disabling NAT, when one-to-one NAT already exists.  perhaps for people who only have one public IP ?  but in most situations, you cannot set a static route on an ISP modem/router so unless you have another TPLink ER or another brand like a microtik etc,in the chain i fail to see how it can work.