Occasional Contributor II

CPPM multiple interfaces and captive portal (source IP)

 

 We have a CPPM cluster serving the corporate users and guest users. There are some SSIDs in both environments that require web authentication, which is served by CPPM. The security team has a concern that traffic flows for both corporate and guest users are taking the same path from the controllers. I have the following doubts about this deployment.

 

  1. What will be the source IP address when guest/corporate users try to access the captive portal (CPPM)? Is it the controller address or the end-user VLAN address space?
  2. Can CPPM have multiple data ports, so that we can deploy one port in the corporate VRF and the other port in the guest VRF? In this way, we can host the corporate captive portal in the corporate VRF and the guest captive portal in the guest VRF.

 

 

Aruba

Re: CPPM multiple data ports and captive portal (source)

1. Unless you are NAT'ing your guest traffic at the controller (or external source), the source IP of the requests will be the actual client VLANs.

2. CPPM cannot be configured with 2 "data" ports. However, the management interface will also respond to Guest requests, so you could use both interfaces.

 

From the CPPM Service Routing Technote:

[Image: cppm-routing-guest.png]

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=14011

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Aruba

Re: CPPM multiple interfaces and captive portal (source IP)

<Duplicate Post/Response>

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor II

Re: CPPM multiple interfaces and captive portal (source IP)

In your case I would place a cluster of 2 CPPMs in a DMZ (guest VRF) for guest usage, and a cluster of 2 CPPMs in the internal VLAN (corporate VRF).
Cheers,
Frank
Life off the wire
Occasional Contributor II

Re: CPPM multiple interfaces and captive portal (source IP)

Normally you don't use the mgmt port for user traffic.
Cheers,
Frank
Life off the wire
Occasional Contributor II

Re: CPPM multiple data ports and captive portal (source)

 

I am planning to do NAT on the controller as you mentioned. In this case, will the CPPM show the "connected users" address as the controller IP or the actual user IP address?
