05-02-2012 03:49 AM
I am not 100% certain I fully understand how the Aruba Instant solution connects to ClearPass Guest for external Captive Portal.
We are going to host the ClearPass Virtual appliance within a data centre.
When an unauthenticated guest user connects to the Guest SSID, I understand that Instant AP redirects to the ClearPass captive portal page.
Now this is where I am unsure. Does the Aruba Instant act as a proxy, and redirect from its own native VLAN address, or does the client communicate with ClearPass from the Guest VLAN?
My assumption has always been that it communicates as a proxy on the native VLAN, however when asked by engineers whether additional ACL policies need to be configured on the wired network to support this, I realised I was not 100% sure.
Your assistance will be appreciated.
05-02-2012 09:07 AM
You will have to configure a static IP address on the virtual controller which is in the same subnet as the IAPs. This static IP of the VC will act as the RADIUS proxy and will be the NAS client entry on the RADIUS server. I have included a picture that may explain this set up.
If you drop me a note, I can send you a draft doc that can explain how to set this up.