Is it possible to put an internal DNS name on ClearPass, and the wireless clients have an external DNS but can resolve this name?
https://clearpass.domain.es/login.php --> https://192.168.1.1/login.php
clearpass.domain.es -> 192.168.1.1
client dns ip -> 8.8.8.8
How is this configured in the controller?
You generally have two options in this case:
1) Give your ClearPass servers public DNS entries pointing to the private addresses
2) Use the upstream router's DNS proxy feature to intercept DNS queries for certain names
Is it possible to configure the DNS proxy in the Aruba Controller? How would it be configured?
smateos,
You cannot configure DNS proxy in the controller, no.
Like I said, you need to do it upstream.
@cjoseph wrote: smateos, You cannot configure DNS proxy in the controller, no.
A little thread hijack, I apologize.
Has this ever been considered, cjoseph? The controller already does it for the captive portal certificate CN, so why not allow us to do a few extra interceptions? It would help a lot in this scenario.
Ah, thanks, time to vote on those.
Is there another way to do this? We have been using our PA firewall for DNS proxy, but it seems to cause slowness with DNS requests. We are set up with MAC auth following CPPM self-sponsored registration. Afterwards my test PC is just using MAC auth; if I hard-code the DNS to 8.8.8.8 it's much faster, but if I leave it on the proxy IP it's much slower. Palo Alto doesn't seem to be able to figure out the problem with slowness. Right now our PA has static entries for our CPPM and master controller IP so one can register and get redirected back to the controller. I was thinking I could leave the VLAN and PA DNS proxy with its static entries in place, then once someone authenticates, flip them to a new VLAN which will give them 8.8.8.8 for internet. Is that possible?
If your DNS provider allows it, you can add your ClearPass server IP to public DNS.
Changing VLANs might work, but you'd have to use a server-initiated workflow with CoA.
How does the user get to the internet DNS server before they authenticate? Do you allow that IP for the external DNS server through the controller's firewall role for unauthenticated users? Seems easy to do.