ClearPass + Central VLAN assignment
02-16-2018 12:38 AM
In our setup we have 14 different locations with IAP clusters, all managed via Central. We use ClearPass as the central authentication source.
In this case we use guest authentication with MAC caching.
I added a configuration to the service for sending back the proper VLAN for the location by using the AP-Name field.
Between the locations we use IPsec VPNs which are sometimes offline due to other issues.
In the case of a client connecting to the WiFi while the IPsec tunnel is down, the client is bridged to the default VLAN of the access point, which is not what we want.
I already had the idea of changing the default VLAN for the guest WiFi to "666" or something, but that is more of a dirty hack in my opinion. Maybe there is a better option?
Re: ClearPass + Central VLAN assignment
02-20-2018 06:51 PM
For each of the IAP clusters, if the VLAN used for the guest network is always going to be the same, you could simply hardcode the VLAN for the guest network, rather than requiring the VLAN to be sent from ClearPass.