Security

Hi Guys,

I just wanted to run something by you guys for a Clearpass Guest Deployment.

One of my clients is looking to deploy a basic guest wireless from an Instant Access point. They want the users to input the pre-shared key and after that they would like them to get a captive portal page where they accept the terms and conditions.

The problem is with the captive portal page. Here is some basic info on the deployment:

• 30 sites with 1 IAP at each site broadcasting the SSID
• The IAP is attached to a broadband router, which is attached to an ADSL line
• It is very unlikely that these 30 sites have direct connectivity with each other. I.e no MPLS network to link them together or WAN so we will be relying on the Internet

I wanted to ask you guys to clarify the following:

• How will the IAP communicate to the centrally hosted clearpass server?
• How do I add these IAP’s into Clearpass as they will have a 192.168.x address from the router
• What kit list is required from Clearpass, i.e I know I need the Clearpass server & licenses, but have I missed anything else?

Hope you guys can answer my request with a nice easy solution J

You'll have to provide a public reachable address for the clearpass. Source NAT for the 2nd question

Note regarding the first bit: if you're using DNS name instead of IP address, you'll also need a publically resolvable address. guest.company.com/guest/page.php has to lead them to your ClearPass from the internet. This will be a public address. 

You can use destination NAT for masking your ClearPass behind that public address.