08-22-2015 01:39 PM
I deployed a ClearPass cluster of two nodes where the data interface sits in a public network reachable from the controller by placing one physical port into that public network.
The problem is that everything is going through the Data port, which has no reachability internally, and I wasn't able to get anything internal to work until I removed the data interface (temporarily).
Any ideas on how to get my mgmt interface to be the default interface for traffic and not the data interface?
08-22-2015 01:42 PM
The customer requirement is to have the guest traffic be isolated into their own VLAN, but now ClearPass is using that data port for everything and nothing internal is working.
08-22-2015 01:44 PM
08-22-2015 01:49 PM
Still won't work.
The guest network isn't going through any firewall.
The controller, ClearPass, and switch all have a physical connection to the service provider router and to the Internet. I made up a VLAN on the switch and the controller: VLAN 61 is made, with a DHCP server on the controller for guest.
08-22-2015 01:52 PM
08-22-2015 01:56 PM
Sorry if I'm confusing you but here is an example of an issue:
Trying to join ClearPass to the domain, trying to add AD as an auth source, is being done through the guest/DATA port and is going nowhere. The point is that ClearPass is trying to resolve the AD name on the DATA port and is failing because the DNS is internal and there isn't any DNS on the DATA port that can translate the AD hostname to an IP address.
08-22-2015 01:58 PM