Have run into a configuration issue and need some expert help.
I have a guest VLAN on the 192.168.225.0/24 network and all of our internal infrastructure on 172.16.0.0/16. By design, the guest network cannot talk to internal infrastructure, which has presented a bit of an issue for ClearPass Guest enablement.
ClearPass is set up on the management port only in the 172 network. I have tried to set up an L3 GRE tunnel between the controller and the ClearPass server at the request of TAC, and have had no luck yet. My config on the controller is:
(config) #interface tunnel 1
(config-tunnel) #tunnel mode gre ip
(config-tunnel) #no shutdown
(config-tunnel) #trusted
(config-tunnel) #ip address 10.1.1.1 255.255.255.255
(config-tunnel) #tunnel source 10.1.1.1
(config-tunnel) #tunnel destination 172.16.1.10
I have two questions and this will probably help me in the long run - when configuring an L3 GRE tunnel, what should the tunnel source be? The tunnel IP on the controller or the tunnel IP on the ClearPass server? Since we're handling guest requests coming inbound on the Aruba controller, I would think the source would be the controller itself, but if I am wrong in that assumption, please let me know. The tunnel destination I have configured is the IP of the management port on the ClearPass server - should this be the tunnel IP instead?
On the ClearPass side, I have set up the GRE tunnel with a local inner IP of 10.1.1.2, set the remote outer IP to the controller IP in the 172 network, and set the remote inner IP to 10.1.1.1 - I had verified this configuration with TAC and they said it was correct.
I have ACLs set up to pass traffic through the tunnel, directed to the ClearPass server.
The problem that I have run into is that when I connect to the guest network, redirection to the guest login portal page within ClearPass does not populate. I am able to get an IP and I am able to ping the controller, but I cannot ping through the tunnel to the ClearPass server. Is there something wrong with the configuration on the controller that might be failing me?
Thanks in advance!