Security

last person joined: 8 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Centralized guest egress while still getting good local performance (like airplay)

This thread has been viewed 0 times

  • 1.  Centralized guest egress while still getting good local performance (like airplay)

    Posted Sep 17, 2013 11:06 AM

    I'm working in my lab to set up centralized guest egress where I build the vlan on the site controller and gre tunnel that to the data center where the guest vlan (and guest firewall lives). 

    I have that pretty much working.   My client gets a guest vlan IP address, but he's not forced to the captive portal.   Open to suggestions there.

     

    However...I'm thinking of traffic like Airplay...since my L3 address is at the data center, that's gonna suck.

    Is there a way I have the L3 address on my site controller and still tunnel MOST of the traffic back to the data center controller.   And then leak Airplay type traffic out to the site LAN?



  • 2.  RE: Centralized guest egress while still getting good local performance (like airplay)

    Posted Sep 17, 2013 11:23 AM

    If you aren't seeing the captive portal it's likely a 'trust' issue.      Ensure/double check that when the users pop up at the centralized controller they are untrusted first and that should kick off the captive portal with a logon-style role.



  • 3.  RE: Centralized guest egress while still getting good local performance (like airplay)

    Posted Sep 18, 2013 07:05 AM

    Is DNS resolution for public websites happening for the guest clients - this is a prerequisite for captive portal and time and again people forget this.