Hello everyone
I just got a client that has the management port and data port configured.
It seems they configured the data port to separate the guest traffic, like in a DMZ.
So it goes like this:
The ClearPass has its management port on network X, which has access to everything and which is the management VLAN.
And the ClearPass has its network port on network Y, which has no access to anything.
Network Y is routed by the firewall, which just lets it go to the internet.
In the controller with Aruba AOS 8,
they have the trunks for the internal networks.
And they have ONE port that connects to the firewall with that VLAN Y with the network Y.
That VLAN Y has an IP on that VLAN Y.
So everything works fine right now
We have to migrate their AOS 8 to AOS 10, and this guest VLAN will be in bridge mode because we will have no controller.
They can tag that vlan Y to the APs with no issue.
Will this still work? I cannot put an IP on that VLAN Y in my group of Instant APs that will be on the cloud with Aruba OS 10; I will just have my management VLAN.
The user connects to the VLAN Y, gets an IP address and goes to captiveportal.domain.com. When it gets authenticated, I'm not sure if the guest user needs to see the Instant, which is on the VLAN Y with an IP address, to make it work. Right now the controllers they have have got IP addresses on that VLAN, which has no access to anything; they just have access to the ClearPass on the data port and to the clients, I guess.
I'm not sure if it will work by just tagging the VLAN Y to all the APs, and whether it will work fine even if the guest users don't have access to any IP of the APs.
I'm not sure if I explained it well?
Thanks