Occasional Contributor I

ClearPass internal DNS name + wireless client have external DNS


Is it possible to give ClearPass an internal DNS name and have wireless clients that use an external DNS server still resolve this name?

https://clearpass.domain.es/login.php --> https://192.168.1.1/login.php

clearpass.domain.es -> 192.168.1.1

client dns ip -> 8.8.8.8

 

How is this configured in the controller?

Guru Elite

Re: ClearPass internal DNS name + wireless client have external DNS

You generally have two options in this case:

 

1) Give your ClearPass servers public DNS entries pointing to the private addresses

2) Use the upstream router's DNS proxy feature to intercept DNS queries for certain names


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: ClearPass internal DNS name + wireless client have external DNS

Is it possible to configure the DNS proxy in the Aruba controller?

How would it be configured?

Guru Elite

Re: ClearPass internal DNS name + wireless client have external DNS

smateos,

 

You cannot configure DNS proxy in the controller, no.

 



Colin Joseph
Aruba Customer Engineering


Guru Elite

Re: ClearPass internal DNS name + wireless client have external DNS

Like I said, you need to do it upstream.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: ClearPass internal DNS name + wireless client have external DNS


cjoseph wrote:

smateos,

 

You cannot configure DNS proxy in the controller, no.

 


A little thread hijack, I apologize.

Has this ever been considered, cjoseph? The controller already does it for the captive portal certificate CN, so why not allow us to do a few extra interceptions? It would help a lot in this scenario.

Guru Elite

Re: ClearPass internal DNS name + wireless client have external DNS

There are RFEs for it on the idea portal.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: ClearPass internal DNS name + wireless client have external DNS

Ah, thanks, time to vote on those.

Frequent Contributor II

Re: ClearPass internal DNS name + wireless client have external DNS

Is there another way to do this? We have been using our PA firewall for DNS proxy, but it seems to cause slowness with DNS requests. We are set up with MAC auth following CPPM self-sponsored registration. Afterwards my test PC is just using MAC auth; if I hard-code the DNS to 8.8.8.8 it's much faster, but if I leave it on the proxy IP it's much slower. Palo Alto doesn't seem to be able to figure out the problem with the slowness. Right now our PA has static entries for our CPPM and master controller IP so one can register and get redirected back to the controller. I was thinking I could leave the VLAN and PA DNS proxy with its static entries in place, then once someone authenticates, flip them to a new VLAN which will give them 8.8.8.8 for internet. Is that possible?

Guru Elite

Re: ClearPass internal DNS name + wireless client have external DNS

If your DNS provider allows it, you can add your ClearPass server IP to public DNS.

 

Changing VLANs might work, but you'd have to use a server-initiated workflow with CoA.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480