07-29-2014 11:58 AM
This is a more broad networking concept question but I am just not quite getting it.
We recently implemented ClearPass for guest access. ClearPass server is at 172.21.1.35 internally. We have a LAN guest network at 192.168.1.0/24 (with a Palo Alto as the default gateway doing DHCP) and a wireless guest network (local to the controller and not routed) at 192.168.10.1/24 for which the controller does DHCP.
Guest connects to network, gets 192.168.10.X address and is assigned to clearpass_logon role. In order for them to hit the captive portal at 172.21.1.35, we have to NAT 172.21.1.10 (the controller's path to the internal network) to itself, but I am not clear why.
I have to document the connectivity, and I see how it works but not why. I am really hung up on why we have to NAT 172.21.1.10 to itself in order to hit the captive portal.
07-29-2014 12:02 PM
07-29-2014 12:09 PM
I get that an L3 interface is needed to route the traffic internally; I am not clear why NAT is needed to do this. Can't the L3 interface in 192.168.10.0 (on the controller) route internally by sending to 172.21.1.10 (also on the controller)?