Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Guest Instant deployment question

This thread has been viewed 0 times

  • 1.  Clearpass Guest Instant deployment question

    Posted Apr 18, 2014 01:22 AM

    Hello

    I was setting up a clearpass which is on my office with a instant AP which is on my home

     

    Well i set up the captive portal and everything i go to my firewall and port forward all the needed ports on my office to the clearpass

     

    I finish setting up the instant which is really fast.  And everything worked great

     

    Now after finishing testing i realize that i didnt port forward or anything on my home Lynksys.   I got a linksys which is plugged directly to internet and  my instant is behind that with a private ip address

     

    When i set up my clearpass on my instant i put that the ip address of the clearpass was a public ip address i set it up for it so its okay

    And on the clearpass  when i was setting the device ip address(which is the instant ap cluster) i put the public ip address(which is the lynksys ip) not the instant AP as the instant AP is behind the lynsys with a private ip address.

     

    Now everything seems to be working fine without me doing any port forward on the lynksys to the instant AP and i bealive i need to do it.

    How come this works?  i mean im pointing on clearpass device the public ip address which is being pointed to the lynksys not to the instant AP.

     

    When im using the captive portal if i tell it that my session finish in 5 minutes, it will end it in 5 minutes.. it chage me of role that got no access and everything.

     

    Anything can point me how its working? becasue i would like to know....

     

    Also if it works do i loose something by leaving it like that?

     

    Cheers

    Carlos



  • 2.  RE: Clearpass Guest Instant deployment question

    Posted Apr 18, 2014 01:31 AM

    My guess woulld be maybe for the part that  is putting me on the other role when my time finish would be because its already sneding the authorization attibutes to the instant and the instant store that info???

     

    And for the part that i setting up on the clearpass on the device the public ipaddress which is the linksys, its okay because he would just answer radius request from that public ip address  which is okay because all the raidus request are coming from that ip address

     

    And radius CoA should not work if i leave it like it with no port forwarding  on the lynksys.(didnt try using it yet but my guess is that it wont work as its  clearpass starting the communication with the iap cluster...

    The other works fine becasue iap is the one that is starting the communications.

     

    I never have set it up like this before because i always have been using it through a RAP when i was at home or when i was at the office which is trhough the internal network

     

    Any comments??

     

    Cheers

    Carlos