New Contributor
Posts: 2
Registered: ‎01-22-2017

Clearpass multi-AD, how to join to multiple AD if single DNS cannot resolve all domains?

Hi, I'm setting up CP to authenticate endpoints on 3 separate, non-connected networks. The networks are connected to CP on individual VLAN interfaces. I've set up route statements to direct traffic to the proper VLAN based on the IP subnet.

How can I join CP to multiple ADs if the DNS server can only service requests for one of the ADs? I can't use conditional forwards in DNS because the ADs can communicate with each other. 

New Contributor
Posts: 2
Registered: ‎01-22-2017

Re: Clearpass multi-AD, how to join to multiple AD via different interfaces? Multi DNS?

I know you can add up to 3 DNS servers, but I'm assuming that this is simply a failover scenario: when a server becomes unresponsive, it will hop to the next...

Is it possible to assign a DNS server for each domain?

Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Clearpass multi-AD, how to join to multiple AD via different interfaces? Multi DNS?

If your main domain controller cannot resolve all Active Directory domains in your environment, you may need to stand up a split-DNS server for ClearPass with conditional forwarders.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
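
One way to build the split-DNS resolver described in the reply above, as an added example that is not part of the original post: a BIND 9 `named.conf` fragment with one conditional forwarder per AD domain. BIND itself is an assumption (the reply names no DNS software), and the domain names, domain-controller addresses and ClearPass address are constructed placeholders.

```conf
// Constructed example: every name and address below is a placeholder.
acl clearpass {
    192.0.2.10;                  // ClearPass IP that sends DNS queries
};

options {
    directory "/var/cache/bind";
    recursion yes;
    // Answer ClearPass only, so this resolver does not become a
    // name-resolution bridge between the three separate networks.
    allow-query     { clearpass; };
    allow-recursion { clearpass; };
    // Internal AD zones have no public DNSSEC chain of trust;
    // exempt them from validation (BIND 9.14 or later).
    validate-except { "ad-one.example"; "ad-two.example"; "ad-three.example"; };
};

// One forward zone per AD domain. Each zone also covers its
// subdomains, including the _msdcs SRV records used to locate
// domain controllers during the join.
zone "ad-one.example" {
    type forward;
    forward only;                // never fall back to root recursion
    forwarders { 10.10.1.10; 10.10.1.11; };
};

zone "ad-two.example" {
    type forward;
    forward only;
    forwarders { 10.20.1.10; };
};

zone "ad-three.example" {
    type forward;
    forward only;
    forwarders { 10.30.1.10; };
};
```

The resolver needs a route to the DNS servers of each domain, and ClearPass would list this resolver as its DNS server instead of any single domain's controller.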