Controllerless Networks

Reply
Contributor II
Posts: 111
Registered: ‎10-04-2012

Split tunnels on Instants

Hello Airheads,

does anybody know if it is possible to do split tunnelling on an Aruba Instant.

The scenario is:-

lots of small stores dotted around the country (3 or 4 IAP's)

They have a centrally located Clearpass at head office.

They would like clients to obtain IP addresses from the local site router.

When they hit the browser on their iphone they will be pushed to Clearpass where

they will create a guest account and subsequent to that their traffic will find the Internet

through local breakout (i personally think this is a RAP scenario but thought i would run this

past the gurus).

regards

Pete

 

Aruba
Posts: 1,296
Registered: ‎08-29-2007

Re: Split tunnels on Instants

It depends if the Clearpass can be reached via the internet.  If so, then it should be fine.  If not then a firewall on site should be able to allow and NAT the Clearpass traffic back into your internal network.  In the pre-auth role just make it restrictive to allow only DHCP, DNS and http/https to Clearpass.

 

It's not really split-tunneling as such.

 

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
MVP
Posts: 729
Registered: ‎12-01-2010

Re: Split tunnels on Instants

The iAP (4.0.0.0 and beyond for sure, not sure about earlier revision) can NAT guest VLAN traffic to ClearPass.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Search Airheads
Showing results for 
Search instead for 
Did you mean: