04-14-2016 01:56 AM
I set up a Captive portal profile today, but the portal couldn't pop up.
After checking everything, I found that I hadn't set up a VLAN interface for the user's VLAN.
But I have a MAS as my default route, so why should I need a VLAN interface IP?
Please someone tell me why.
04-14-2016 02:37 AM
Could you tell a little bit more about it?
From the Policy, we can see this:
358: user any 6 0-65535 80-80 d1f90,0000 f80021:permit dnat
Anyone in the user table who tries to reach any IP on TCP port 80 hits this policy.
In the WebUI, it shows dst-nat 8081.
Does this dst-nat 8081 mean the vlan interface IP only?
04-14-2016 02:41 AM
This kinda helps me understand why a controller-hosted captive portal config needs an IP on the client VLAN; however, would the same be true if we were redirecting to an external ClearPass appliance?
Couldn't I simply have an ACL rule that allows HTTP and HTTPS traffic to the ClearPass IP?