08-26-2014 02:45 PM
I want to use a self register captive portal from ClearPass Guest that is in a VLAN10 in Building 1 in my test controller where i configure a SSID with a captive portal authentication that is in the VLAN192 using a ISP modem like DHCP and gateway. There's no way to communicate (to route) the VLAN10 and VLAN192 to assure security of the Data Center. Here is the topology:
The idea is use de VLAN192 for guest, the problem is that this VLAN don't have access to the VLAN of ClearPass. It sounds logical to change the VLAN in the post authentication role but i understand that's not posibble in L3 auth.
I know about the ip cp-redirect-address command to solve this issue but i don't know if this command works for a ClearPass captive portal. I tried and don't work for me. Any suggestions? Thanks in advance.
10-06-2014 03:45 PM
Why don't you just source nat the HTTPS/HTTP and DNS traffic directed to ClearPass using an internal address
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA