Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass multi-AD, how to join to multiple AD if single DNS cannot resolve all domains?

  • 1.  Clearpass multi-AD, how to join to multiple AD if single DNS cannot resolve all domains?

    Posted Mar 10, 2017 12:43 PM

    Hi, I'm setting up CP to authenticate endpoints on 3 separate, non-connected networks. The networks are connected to CP on individual VLAN interfaces. I've set up route statements to direct traffic to the proper VLAN based on the IP subnet.

    How can I join CP to multiple ADs if the DNS server can only service requests for one of the ADs? I can't use conditional forwards in DNS because the ADs can communicate with each other.



  • 2.  RE: Clearpass multi-AD, how to join to multiple AD if single DNS cannot resolve all domains?

    Posted Mar 10, 2017 12:54 PM

    I know you can add up to 3 DNS servers, but I'm assuming that this is simply a failover scenario: when a server becomes unresponsive, it will hop to the next...

    Is it possible to assign a DNS server for each domain?



  • 3.  RE: Clearpass multi-AD, how to join to multiple AD if single DNS cannot resolve all domains?

    EMPLOYEE
    Posted Mar 11, 2017 12:27 PM
    If your main domain controller cannot resolve all Active Directory domains in your environment, you may need to stand up a split-DNS server for ClearPass with conditional forwarders.
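
The conditional-forwarder setup suggested in the last reply, sketched as an added example that is not part of the original thread or from any poster. It assumes the dedicated resolver for ClearPass is a Windows DNS server with a route to each domain's DNS servers; the domain names and addresses are constructed placeholders.

```powershell
# Run on the DNS server that ClearPass is pointed at (assumed to be Windows DNS).
# Each AD domain gets its own forwarder, so a query is sent to the DNS servers
# of the domain it belongs to instead of relying on resolver failover order.
# Constructed placeholder values: replace with the real domains and DNS servers.
$forwarders = @{
    'corp-a.example.test' = @('192.0.2.10', '192.0.2.11')
    'corp-b.example.test' = @('198.51.100.10')
    'corp-c.example.test' = @('203.0.113.10')
}

foreach ($domain in $forwarders.Keys) {
    # Skip domains that already have a zone (forwarder or otherwise) on this server.
    if (-not (Get-DnsServerZone -Name $domain -ErrorAction SilentlyContinue)) {
        Add-DnsServerConditionalForwarderZone -Name $domain `
            -MasterServers $forwarders[$domain]
    }
}

# Verify that the domain controller locator SRV record of every domain now
# resolves through this one server, which is what a domain join depends on.
$results = foreach ($domain in $forwarders.Keys) {
    $srv    = "_ldap._tcp.dc._msdcs.$domain"
    $answer = Resolve-DnsName -Name $srv -Type SRV -Server 127.0.0.1 `
                  -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Domain    = $domain
        SrvRecord = $srv
        Resolved  = [bool]$answer
        Targets   = ($answer | Where-Object { $_.Type -eq 'SRV' } |
                        ForEach-Object NameTarget) -join ', '
    }
}
$results | Format-Table -AutoSize
```

Any domain that shows `Resolved` as `False` will also fail to resolve from ClearPass, so fix the forwarder or the routing to that domain's DNS servers before attempting the join.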