Security

Reply
paw
Contributor I

ClearPass + Central VLAN assignment

Hello,

 

in our setup we have 14 different locations with IAP Clusters, all managed via Central. We use Clearpass as central authentication source.

 

In this case the use guest authentication with mac caching.

 

I added a configuration to the service for sending back the proper VLAN for the location by using the AP-Name field.

 

Between the locations we use IPsec VPNs which are sometimes offline due to other issues.

 

In the case of a client connecting to the wifi while the IPsec tunnel is down, the client is bridged to the default vlan of the access point. Which is not what we want.

 

I had already the idea of changing the default VLAN for the guest WiFi to "666" or something, but is more a dirty hack in my opionion. Maybe there is a better option?

 

Greets

 

Frequent Contributor I

Re: ClearPass + Central VLAN assignment

Hi,

 

For each of the IAP clusters, if the VLAN used for the guest network is allways going to be the same, you could simply hardcode the VLAN for the guest network, rather than requiring the VLAN to be sent from ClearPass.

 

 

ACCX#1050 ACMP CWDP CWSP
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: