04-30-2014 09:30 AM
does anybody know if it is possible to do split tunnelling on an Aruba Instant.
The scenario is:-
lots of small stores dotted around the country (3 or 4 IAP's)
They have a centrally located Clearpass at head office.
They would like clients to obtain IP addresses from the local site router.
When they hit the browser on their iphone they will be pushed to Clearpass where
they will create a guest account and subsequent to that their traffic will find the Internet
through local breakout (i personally think this is a RAP scenario but thought i would run this
past the gurus).
04-30-2014 11:48 AM
It depends if the Clearpass can be reached via the internet. If so, then it should be fine. If not then a firewall on site should be able to allow and NAT the Clearpass traffic back into your internal network. In the pre-auth role just make it restrictive to allow only DHCP, DNS and http/https to Clearpass.
It's not really split-tunneling as such.
If my post is helpful please give kudos, or mark as solved if it answers your post.
ACCP, ACMP, ACMX #294
04-30-2014 01:04 PM
The iAP (184.108.40.206 and beyond for sure, not sure about earlier revision) can NAT guest VLAN traffic to ClearPass.
if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it