Aruba Instant with Clearpass Captive Portal Source IP / NAT

  • 1.  Aruba Instant with Clearpass Captive Portal Source IP / NAT

    Posted Oct 10, 2014 06:04 AM

    I am going to configure some locations with Aruba Instant and have a centralized Clearpass server.

    How do I get the clients to communicate with the Clearpass logon site? Is it possible to NAT the clients so that the virtual controller IP is used to communicate with the Clearpass server?

    And can the virtual controller NAT the clients to a public IP after they are authorized by Clearpass?



  • 2.  RE: Aruba Instant with Clearpass Captive Portal Source IP / NAT

    Posted Oct 10, 2014 07:37 AM
    Once the user has registered through the captive portal, you can return a role that source-NATs the traffic.


  • 3.  RE: Aruba Instant with Clearpass Captive Portal Source IP / NAT

    Posted Oct 19, 2014 08:45 AM
    It's more about the login on the Clearpass. I'd like to masquerade the guests behind the virtual controller IP because there is no route from the Clearpass to the guest IP range.


  • 4.  RE: Aruba Instant with Clearpass Captive Portal Source IP / NAT

    Posted Oct 21, 2014 08:22 AM
    The setup is a network-assigned VLAN for guests with no routing to the internal networks. DHCP and DNS are from the network. The IAP is not the default gateway.

    The Clearpass server is in the internal networks.

    What ACL has to be in the pre-authentication rule to get a connection to the Clearpass server?

    Source NAT HTTP and HTTPS to destination Clearpass server
    + allow DHCP + DNS?

    Or is the captive portal rule needed with a pre-configured CP profile?



  • 5.  RE: Aruba Instant with Clearpass Captive Portal Source IP / NAT

    Posted Oct 23, 2014 04:00 AM

    Source NAT HTTP and HTTPS to destination Clearpass server
    + allow DHCP + DNS worked, but the automatic redirect does not work.

    Any suggestions?!



  • 6.  RE: Aruba Instant with Clearpass Captive Portal Source IP / NAT

    Posted Oct 23, 2014 04:24 AM
    Can you elaborate on "automatic redirect" does not work? Is it the redirect after login?



  • 7.  RE: Aruba Instant with Clearpass Captive Portal Source IP / NAT

    Posted Oct 23, 2014 04:54 AM

    No, it is the redirect to the Clearpass login page.

    I connect to the SSID, get an IP address, and DNS is working. When I open Firefox and type a website, I only get an error message and no redirect to the logon page.

    I added a source NAT rule and can log in when I use the 172.16.1.10/guest/guest_logon.php URL. But the redirect does not work.

    Running 6.4.2 on IAP 108.

    Here is my captive portal profile and the pre-auth role/ACL:

     

    wlan external-captive-portal CP
     server 172.16.1.10
     port 443
     url "172.16.1.10/guest/guest_logon.php"
     auth-text ""
     auto-whitelist-disable
     https

     

    wlan access-rule Guest-Logon
     index 4
     captive-portal external profile CP
     rule 172.16.1.10 255.255.255.255 match any any any src-nat
     rule any any match udp 67 68 permit
     rule any any match udp 53 53 permit
     rule 172.16.1.10 255.255.255.255 match tcp 80 80 permit
     rule 172.16.1.10 255.255.255.255 match tcp 443 443 permit



  • 8.  RE: Aruba Instant with Clearpass Captive Portal Source IP / NAT
    Best Answer

    Posted Oct 23, 2014 05:43 AM

    Found the solution here in the forum :)

    http://www.airheads.eu/t5/Aruba-Instant-Cloud-Wi-Fi/Instant-does-not-redirect-to-Clearpass/td-p/200527

    It is the captive portal profile.

     

    wlan external-captive-portal CP
     server 172.16.1.10
     port 443
     url "172.16.1.10/guest/guest_logon.php"
     auth-text ""
     auto-whitelist-disable
     https

     

    has to be

     

    wlan external-captive-portal CP
     server 172.16.1.10
     port 443
     url "/guest/guest_logon.php"
     auth-text ""
     auto-whitelist-disable
     https
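
An added example (not part of the thread and not Aruba tooling): a small Python lint over the configuration posted above that flags an external captive portal profile whose `url` is not a path, which is the fix in the best answer. Going slightly beyond the thread, it also checks that a pre-auth access rule refers to a profile that is defined. The function names and the assumption that stanza bodies are space-indented under a `wlan ...` header are mine.

```python
import re

# Constructed sample: the profile and part of the pre-auth role as posted in the thread.
SAMPLE = '''wlan external-captive-portal CP
 server 172.16.1.10
 port 443
 url "172.16.1.10/guest/guest_logon.php"
 auth-text ""
 auto-whitelist-disable
 https

wlan access-rule Guest-Logon
 index 4
 captive-portal external profile CP
 rule 172.16.1.10 255.255.255.255 match any any any src-nat
'''

def parse_stanzas(config, kind):
    """Return {name: [body lines]} for every 'wlan <kind> <name>' stanza."""
    stanzas, body = {}, None
    for line in config.splitlines():
        head = re.match(r'wlan (\S+) (\S+)\s*$', line)
        if head:
            body = stanzas.setdefault(head.group(2), []) if head.group(1) == kind else None
        elif body is not None and line.startswith(' ') and line.strip():
            body.append(line.strip())
        else:
            body = None  # a blank or unindented line ends the stanza
    return stanzas

def lint(config):
    """Return (stanza, problem) tuples for the captive portal issues seen in the thread."""
    findings = []
    profiles = parse_stanzas(config, 'external-captive-portal')
    for name, body in profiles.items():
        opts = dict(l.partition(' ')[::2] for l in body)  # keyword -> rest of line
        url = opts.get('url', '').strip('"')
        if 'url' in opts and not url.startswith('/'):
            findings.append((name, f'url {url!r} is not a path starting with "/"'))
    for name, body in parse_stanzas(config, 'access-rule').items():
        for l in body:
            ref = re.match(r'captive-portal external profile (\S+)$', l)
            if ref and ref.group(1) not in profiles:
                findings.append((name, f'references undefined profile {ref.group(1)!r}'))
    return findings
```

Running `lint()` on the profile from post 7 reports the `url` line; on the corrected profile from post 8 it returns no findings.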