Controllerless Networks

last person joined: 14 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

This thread has been viewed 3 times

  • 1.  Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

    Posted Aug 26, 2015 04:05 PM

    Hello!

     

    So I've been struggling with this IAP setup with Clearpass for external cp for a few hours now, and can't get it to work as it should. It's a basic setup that I've done many times, but with a twist..

    The AP is placed in a vlan X and gets an internal DNS. This resolves the clearpass address to it's internal address (ie: 192.168.47.10). The guest clients are placed in a different vlan Y and given a public dns like 8.8.8.8 that resolves a different IP (ie: 1.2.3.4) for Clearpass. This is as designed..

     

    So - when the client in VLAN Y connects to the guest-ssid it's redirected to the internal ip (192.168.47.10) of Clearpass! (!!!!) I tried setting a static IP on the IAP and use the 8.8.8.8 DNS here, and then it redirected to the right (public ie 1.2.3.4) Clearpass IP.

     

    Now I'm hoping this is just a nasty bug, and not a feature... There is no way that the IAP should proxy the request using it's own DNS instead of just letting the DNS request through the firewall and to the clients DNS server.

     

    Anyone else encountered this? Or can tell me why this happens?



  • 2.  RE: Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

    EMPLOYEE
    Posted Aug 26, 2015 04:11 PM

    Is there a VPN connection or config applied here?



  • 3.  RE: Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

    Posted Aug 27, 2015 01:35 AM
    No vpn. Basic iap solution. Iap is connected to a switchport with a native vlan and client vlans tagged. Dhcp etc is not handled by the VC.


  • 4.  RE: Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

    Posted Aug 27, 2015 07:51 AM
    Can you please share your captive portal profile and user-role config


  • 5.  RE: Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

    Posted Sep 04, 2015 03:41 AM

    The day after we had this problem we repeated the testing, and then things behaved as it should - using the clients DNS. I have no clue what caused this in the first place - as we tried multiple devices several times over hours of testing.. So signing this off to be a ghost in the machine thing..

     

     

     

     

     



  • 6.  RE: Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

    Posted Dec 06, 2016 09:46 PM

    I'm having the same problem, did you ever get to the bottom of the issue?



  • 7.  RE: Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

    Posted Oct 01, 2019 05:47 AM

    Hi John, Richard,

     

    I am too facing this issue. Did you guys found out any solution?

     

    Thank You!

     



  • 8.  RE: Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

    Posted Oct 01, 2019 05:57 AM

    As I wrote - this "solved" itself to never come back. Never seen this again since. This was 4 years ago so the firmware that you have should be 8.4.x and not 6.x something that I was using.