Considering Wifi network with Aruba controller 8.x and Clearpass.
How do we seperate Guest network completely from corporate LAN including separate DHCP and DNS for guest users (using captive portal) . What is the recommendation ?
Is there any reference VRD or document on this , Kindly advise.
Please see this VRD for guest. All of the concepts are the same (roles, acls, vlans, etc...) but may be located somewhere else in the GUI for AOSv8: https://community.arubanetworks.com/aruba/attachments/aruba/Aruba-VRDs/157/3/Guest%20Access%20with%20ArubaOS.pdf
You can assign all of the guest roles to a separate vlan on the same trunk link, or spin up a separate interface terminating to a firewall. In that vlan, you can assign the DHCP addresses from an upstream L3 device (recommended), or locally on the controller vlan interface.
Thanks , any recommendations on ( internal or public) DNS and captive portal ?
I can tell you from my experience, most organizations just allow DNS to their internal DNS servers, or a few of them, and either use internal captive portal in the controller, or clearpass/ise for external. Depends on what kind of guest experience you want for your users. For most, the guest user VLAN/Subnet is always off of a firewall in a DMZ or external zone.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.