Wireless Access

Reply
Occasional Contributor I

Clearpass captive portal question

Hi

I am quite new to Clearpass. We are about deploy 4 CPPM servers in a single cluster. Regarding the guest captive portal is that load balanced accross all the servers or does it just run on one of them? 

Do i need to place a load balancer in from of the servers to provide high availabilty of captive portal?

 

We will be using the latest 6.7 version.

Occasional Contributor II

Re: Clearpass captive portal question

By using a VIP with your cluster you can make the Captive Portal Page Highly Available.  For load balancing you can use the load balancing feature in ArubaOS under Configuration > Authentication > Servers > Server Group > Load Balancing check box.  Or if you have a load balancer such as an F5 or NetScaler you can run them through that.

Phillip Kluttz
Network Engineer University of North Carolina at Greensboro
Aruba Employee

Re: Clearpass captive portal question

Will all four CPPM appliances be reachable by guests so that they can serve as captive portal?

 

A load balancer could be used, or techniques such as DNS round robin load balancing and/or Virtual IPs on the CPPM appliances to help distribute the load and provide high availablity. Ultimately, you have options available based on your end requirements.


Charlie Clemmer
Aruba Customer Engineering
Occasional Contributor I

Re: Clearpass captive portal question

I was planning to have the portal on all 4 of them just for availbility and nothing else. Load wont be very hight but availability is important for us.

 We do have Netscalers so may look to use those.

 

Now i just neeed to figure out how to get the Guest traffic from a Branch office to the portal :-(

Aruba Employee

Re: Clearpass captive portal question

That's always the fun part. :) (Getting traffic from the remote branches back to the internal CPPM appliances)

 

Some customers will expose one or more CPPM appliances to the Internet, so that guests are the remote branch can reach the portal over the public Internet. Some will tunnel from the branch guest networks back to where CPPM is located. Others still may NAT or otherwise allow guest traffic access to the inside IP addresses of CPPM. 


Charlie Clemmer
Aruba Customer Engineering
Occasional Contributor I

Re: Clearpass captive portal question

Hi thanks for your help, I had read about going over the internet and also some people using VRF tunnels. I don't want guest traffic on the internal network so these seem the best options.
At the moment and based on your feedback I am thinking.

Data interface of CPPM in DMZ and presenting Captive portal over the internet fronted by a Netscaler. Seems easier than VRF.
Would you recommend this as an option?




Aruba Employee

Re: Clearpass captive portal question

That is one method I've seen used well. The plus side is that connectivity to the captive portal is dependent on the guest Internet connection being available, assuming guest and corporate traffic is segmented at the branch. 


Charlie Clemmer
Aruba Customer Engineering
Occasional Contributor I

Re: Clearpass captive portal question

Great, yes corp traffic is all sent back to a central location, guest traffic in branch offices have a local internet breakout. So sounds like it could be a good option.
Thanks



Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: