Hello!
So I've been struggling with this IAP setup with Clearpass for external cp for a few hours now, and can't get it to work as it should. It's a basic setup that I've done many times, but with a twist..
The AP is placed in a vlan X and gets an internal DNS. This resolves the Clearpass address to its internal address (i.e. 192.168.47.10). The guest clients are placed in a different vlan Y and given a public DNS like 8.8.8.8 that resolves a different IP (i.e. 1.2.3.4) for Clearpass. This is as designed..
So - when the client in VLAN Y connects to the guest-ssid it's redirected to the internal IP (192.168.47.10) of Clearpass! (!!!!) I tried setting a static IP on the IAP and using the 8.8.8.8 DNS here, and then it redirected to the right (public, i.e. 1.2.3.4) Clearpass IP.
Now I'm hoping this is just a nasty bug, and not a feature... There is no way that the IAP should proxy the request using its own DNS instead of just letting the DNS request through the firewall and to the client's DNS server.
Anyone else encountered this? Or can tell me why this happens?