AAA, NAC, Guest Access & BYOD

How to resolve to DMZ controller's IP address when the guest traffic is tunneled to DMZ controller

by on ‎11-11-2014 12:47 PM

Environment: Typical environment where guest traffic is tunneled to the DMZ controller from a master/local controller or IAP.


We have seen issues with guest user authentication when the traffic is being tunneled from the master/local controller or IAP to the DMZ. The DMZ controller is the authenticator, but when the client tries to resolve during guest login/POST, the master/local controller or IAP will respond with its own IP address, since the default certificate CN of the controller matches the FQDN

Solution 1:
Installing a new/dummy server certificate on the master/local controller or IAP with a different CN other than (eg: or and mapping the installed certificate to Captive Portal under Configuration >> MANAGEMENT >> General will tunnel the lookup query from the client to the DMZ, and the DMZ controller will respond to the client with its IP address for proper POST and authentication.




Solution 2:
Install a dummy certificate on the DMZ controller and replace with the CN of the new certificate in ClearPass Guest under self-registration or weblogin NAS Setting >> Ip/hostname.
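
The lookup behaviour described above can be written as a small model for sanity-checking a planned certificate change, including the case where the DMZ certificate is replaced but the ClearPass Guest hostname is not updated. This is an added example, not Aruba code: the hostnames, IP addresses and the `Device`, `who_answers` and `check` names are constructed for illustration, and the model assumes exact CN matching only.

```python
"""Simplified model of the captive-portal name lookup described above."""
from dataclasses import dataclass


def _norm(name: str) -> str:
    # Hostnames compare case-insensitively; ignore a trailing root dot.
    return name.strip().rstrip(".").lower()


@dataclass(frozen=True)
class Device:
    label: str
    ip: str              # constructed documentation-range address
    portal_cert_cn: str  # CN of the certificate mapped to Captive Portal

    def answers(self, qname: str) -> bool:
        return _norm(qname) == _norm(self.portal_cert_cn)


def who_answers(login_host, local, dmz):
    # The local device sees the client's query first; only a name it does
    # not claim is tunneled on to the DMZ controller.
    if local.answers(login_host):
        return local
    if dmz.answers(login_host):
        return dmz
    return None


def check(login_host, local, dmz):
    responder = who_answers(login_host, local, dmz)
    if responder is dmz:
        return f"OK: {login_host} -> {dmz.ip} (DMZ controller)"
    if responder is local:
        return f"BROKEN: {login_host} -> {local.ip} ({local.label} answered)"
    return f"UNRESOLVED: no controller certificate CN matches {login_host}"


DEFAULT_CN = "default-portal.example.net"  # placeholder for the default CN
NEW_CN = "guest-login.example.net"         # placeholder for the new CN

if __name__ == "__main__":
    dmz_default = Device("DMZ controller", "192.0.2.10", DEFAULT_CN)
    dmz_new = Device("DMZ controller", "192.0.2.10", NEW_CN)
    local_default = Device("local controller", "198.51.100.5", DEFAULT_CN)
    local_dummy = Device("local controller", "198.51.100.5", "dummy.example.net")
    print(check(DEFAULT_CN, local_default, dmz_default))  # default setup
    print(check(DEFAULT_CN, local_dummy, dmz_default))    # Solution 1
    print(check(NEW_CN, local_default, dmz_new))          # Solution 2
    print(check(DEFAULT_CN, local_default, dmz_new))      # ClearPass not updated
```

The first argument to `check` is the hostname the guest client is sent to, which is the value set in ClearPass Guest under NAS Setting >> Ip/hostname.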


