We have multiple locations with RAPs broadcasting multiple SSIDs all in bridge mode. We would like to set up a captive portal login for our guest SSID using ClearPass, but my understanding is that this will not work in bridge mode.
The clients at each location are set up with an RFC1918 IP that is not routable over our internal network.
Currently, our controllers are at our data center and only accessible from the internal network, and ClearPass is in a DMZ and accessible from the internet or internally.
Is there any way to make this work without tunneling all of the client traffic to the controller at our data center? I'm okay with the auth happening over a tunnel, but we need all of the client traffic to be bridged so it goes out the local internet connection.