Regular Contributor II
Posts: 229
Registered: ‎09-11-2013

Question about ClearPass 6.X. Services tech note

Hi,

I deployed a ClearPass cluster of two nodes where the data interface sits in a public network reachable from the controller by placing one physical port into that public network.

The problem is that everything is going through the Data port, which has no reachability internally, and I wasn't able to get anything internal to work until I removed the data interface (temporarily).

Any ideas on how to get my mgmt interface to be the default interface for traffic and not the data interface?

Guru Elite
Posts: 8,190
Registered: ‎09-08-2010

Re: Question about ClearPass 6.X. Services tech note

Use just the management interface.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor II
Posts: 229
Registered: ‎09-11-2013

Re: Question about ClearPass 6.X. Services tech note

Thanks,

The customer requirement is to have the guest traffic be isolated into their own VLAN, but now ClearPass is using that data port for everything and nothing internal is working.

Guru Elite
Posts: 8,190
Registered: ‎09-08-2010

Re: Question about ClearPass 6.X. Services tech note

Guest traffic will still be isolated but you just allow captive portal to the management interface.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor II
Posts: 229
Registered: ‎09-11-2013

Re: Question about ClearPass 6.X. Services tech note

Still won't work.

The guest network isn't going through any firewall.

The controller, ClearPass and switch all have a physical connection to the service provider router and to the Internet. I made up a VLAN on the switch and the controller; VLAN 61 is made, and a DHCP server on the controller for guest.

Guru Elite
Posts: 8,190
Registered: ‎09-08-2010

Re: Question about ClearPass 6.X. Services tech note

Captive portal will be served up on the data interface. RADIUS will go through the management interface. Not sure I understand the issue.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor II
Posts: 229
Registered: ‎09-11-2013

Re: Question about ClearPass 6.X. Services tech note

Sorry if I'm confusing you, but here is an example of an issue:

Trying to join ClearPass to the domain, trying to add AD as an auth source is being done through the guest/DATA port and is going nowhere. The point is that ClearPass is trying to resolve the AD name on the DATA port and is failing because the DNS is internal and there isn't any DNS on the DATA port that can translate the AD hostname to an IP address.

Guru Elite
Posts: 8,190
Registered: ‎09-08-2010

Re: Question about ClearPass 6.X. Services tech note

Give the management interface a DNS address and remove DNS from the data interface.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor II
Posts: 229
Registered: ‎09-11-2013

Re: Question about ClearPass 6.X. Services tech note

The DNS is MGMT-internal only. Even pinging the DNS IP from the CPPM CLI did not work until I removed the DATA port IP.
