Hello everyone

I just got a client which has the management port and data port configured. It seems they configured the data port to separate the guest traffic, like in a DMZ.

So it goes like this:

The ClearPass has the management port on network X, which has access to everything, which is the management VLAN. And the ClearPass has the network port on network Y, which has no access to anything. Network Y is routed by the firewall, which just lets it go to the internet.

In the controller with Aruba AOS 8, they have the trunks for the internal networks, and they have ONE port that connects to the firewall with that VLAN Y with the network Y. That VLAN Y has an IP on that VLAN Y.

So everything works fine right now. We have to migrate their AOS 8 to AOS 10 and this guest VLAN will be on bridge mode because we will have no controller. They can tag that VLAN Y to the APs with no issue.

Will this still work? I cannot put an IP on that VLAN Y in my group of Instant APs that will be on the cloud with Aruba OS 10, I will just have my management VLAN.

The user connects to the VLAN Y, it gets an IP address and it goes to captiveportal.domain.com when it gets authenticated. I'm not sure if the guest user needs to see the Instant which is on the VLAN Y with an IP address to make it work. Right now the controllers have IP addresses on that VLAN, which has no access to anything; they just have access to the ClearPass on the data port and to the clients, I guess.

I'm not sure if it will work by just tagging the VLAN Y to all the APs, and even if the guest users don't have access to any IP of the APs it will work fine.

I'm not sure if I explained it fine?

Thanks
Yeah this should work just fine. You don't need an IP in VLAN Y on the AP, you just need it trunked to the AP.