Security

Reply
Occasional Contributor II

ClearPass Captive Portal Guest Access using RAPs in bridge mode

We have multiple locations with RAPs broadcasting multiple SSIDs all in bridge mode.  We would like to setup a captive portal login for our guest SSID using ClearPass, but my understanding is that this will not work in bridge mode.

 

The clients at each location are setup with an RFC1918 IP that is not routable over our internal network.

 

Currently, our controllers are at our data center and only accessible from the internal network and ClearPass is in a DMZ and accessible from internet or internally.

 

Is there any way to make this work without tunneling all of the client traffic to the controller at our data center?  I'm okay with the auth happening over a tunnel, but we need all of the client traffic to be bridged so it goes out the local internet connection.

Guru Elite

Re: ClearPass Captive Portal Guest Access using RAPs in bridge mode

Captive portal functionality is not possible in bridge mode. Consider using IAPs at these sites.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: ClearPass Captive Portal Guest Access using RAPs in bridge mode

Not possible in bridge mode, but it is possible if you set the VAP to split-tunnel.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Occasional Contributor II

Re: ClearPass Captive Portal Guest Access using RAPs in bridge mode

Can you expand on how I would use them as IAPs?  Does that mean instead of connecting our RAPs to our controller at our data center, we would connect to the Aruba Cloud Controller?

Occasional Contributor II

Re: ClearPass Captive Portal Guest Access using RAPs in bridge mode

That is what we are currently looking at, but it's getting messy because the current client IPs are not routable over our MPLS, so we we've been looking at moving the DHCP to the controller or implement some kind of NAT.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: