Security

Reply
Contributor II
Posts: 44
Registered: ‎08-08-2013

Captive portal with both interfaces in use

Hello;

 

I'm currently preparing to implement a captive portal guest authentication with Clearpass, and I've been reading through the forums to hopefully learn from other people's problems in advance. :)

 

One thing I've seen are several references to only using one interface on the Clearpass server. Can anyone tell me whether this is a design limitation, or is it possible to set up the captive portal with both interfaces active?

 

Andrew

Guru Elite
Posts: 21,001
Registered: ‎03-29-2007

Re: Captive portal with both interfaces in use

From the ClearpassPolicy Manager user guide

 

cppm.JPG



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 44
Registered: ‎08-08-2013

Re: Captive portal with both interfaces in use

Thanks.  That is how I have it configured and working (just CPPM, not CP yet).

 

From this post: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/clearpass-guest-wih-captive-portal/td-p/78254

 

The first question asked in the first respones was "Are you using only one network interface on the CPPM?"

 

So, I guess my question is better phrased as "are there any factors I need to consider when using CP on a Clearpass appliance with 2 network interfaces vs 1"?

 

Andrew

Guru Elite
Posts: 21,001
Registered: ‎03-29-2007

Re: Captive portal with both interfaces in use

I can only guess that was a troubleshooting step just in case the routing was inconsistent.  Please feel free to ask the user in the original thread what he meant.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 44
Registered: ‎08-08-2013

Re: Captive portal with both interfaces in use

Thanks for that. I'll assume that the CP URL just needs to resolve to the data interface and carry on from there.

Thanks

Andrew
Guru Elite
Posts: 21,001
Registered: ‎03-29-2007

Re: Captive portal with both interfaces in use

Correct.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 44
Registered: ‎08-08-2013

Re: Captive portal with both interfaces in use

OK, routing makes my life more intesting. :)

 

The CP will be used both for traffic from an Aruba controller (residences) and for wired traffic (campus). 

 

I'm assuming (there's that word again) that the first page load coming from the wireless side will be redirected to the CP by the controller regardless of where the default gateway and DNS are pointing, since the controller sees all.

 

But how do I get the wired traffic on the campus to the Clearpass box?  There is a firewall and router between the client and Clearpass right now, but I do have some flexibility in the design.

 

I've attached a quick overview.  The firewall is providing DHCP and NAT to the residences.

 

Andrew

Guru Elite
Posts: 21,001
Registered: ‎03-29-2007

Re: Captive portal with both interfaces in use

What do you plan to be doing with the wired traffic on ClearPass?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 44
Registered: ‎08-08-2013

Re: Captive portal with both interfaces in use

The overall goal is to allow devices to authenticate to the campus network with macauth or 802.1x, with unauthenticated users going to a terms and conditons page and then to the Internet instead.

 

"Wired" traffic also refers to wireless traffic from a guest SSID egressed onto a specific VLAN, but that's managed by an HP controller so it's probably out of scope for this forum.

 

Andrew

Search Airheads
Showing results for 
Search instead for 
Did you mean: