Hi all,
I have a customer that has a guest network that cannot route to the captive portal hosted on ClearPass. I have tried source NATing them through the AP with no luck; the page just times out as if there is still no route. I can ping the ClearPass page from the VC as expected, as they talk fine with regular 802.1X networks. Config for the pre-auth role is below:
Enforce captive portal external TWB Clearpass
Allow dhcp to all destinations
Allow dns to all destinations
Allow http on server 10.210.4.17 and change source address to Access Point's
Allow https on server 10.210.4.17 and change source address to Access Point's
Deny any to all destinations + log
When I test it using a VLAN that DOES have a route to ClearPass (without the NAT) the clients successfully get redirected to the Captive Portal so I know the ClearPass config and SSL certificates are trusted.
Client IP assignment is currently set to 'Network Assigned' because the Default Gateway for the Guest VLAN is on a router that has no route to the internal network (also acts as DNS and DHCP server). I can't use 'Virtual Controller Assigned' because the APs do not have a route to the Internet Route that is being used for this solution.
Any ideas?
-Brett