I was setting up a ClearPass which is at my office with an Instant AP which is at my home.


Well, I set up the captive portal and everything. I went to my firewall and port forwarded all the needed ports at my office to the ClearPass.


I finished setting up the Instant, which is really fast. And everything worked great.


Now, after finishing testing, I realized that I didn't port forward or anything on my home Linksys. I have a Linksys which is plugged directly into the internet, and my Instant is behind that with a private IP address.


When I set up my ClearPass on my Instant, I put that the IP address of the ClearPass was a public IP address; I set it up for it, so it's okay.

And on the ClearPass, when I was setting the device IP address (which is the Instant AP cluster), I put the public IP address (which is the Linksys IP), not the Instant AP, as the Instant AP is behind the Linksys with a private IP address.


Now everything seems to be working fine without me doing any port forward on the Linksys to the Instant AP, and I believe I need to do it.

How come this works? I mean, on the ClearPass device I'm pointing to the public IP address, which points to the Linksys, not to the Instant AP.


When I'm using the captive portal, if I tell it that my session finishes in 5 minutes, it will end it in 5 minutes. It changes me to a role that has no access and everything.


Can anyone point me to how it's working? Because I would like to know...


Also, if it works, do I lose something by leaving it like that?




Product Manager - Aruba Networks
Alternetworks Corp

My guess would be, maybe, for the part that is putting me in the other role when my time finishes, it would be because it's already sending the authorization attributes to the Instant and the Instant stores that info?


And for the part where I am setting the public IP address, which is the Linksys, on the device in ClearPass, it's okay because it would just answer RADIUS requests from that public IP address, which is okay because all the RADIUS requests are coming from that IP address.


And RADIUS CoA should not work if I leave it like this with no port forwarding on the Linksys (I didn't try using it yet, but my guess is that it won't work, as it's ClearPass starting the communication with the IAP cluster).

The other works fine because the IAP is the one that is starting the communications.


I have never set it up like this before, because I have always been using it through a RAP when I was at home, or, when I was at the office, through the internal network.


Any comments?
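
The NAT behaviour this thread describes, as an added example that is not part of the original posts: a minimal model of the home router's UDP connection tracking, showing which address ClearPass sees as the device, where the reply lands, and what happens to a CoA that ClearPass starts on its own. The addresses, source ports and the `HomeNat` class are constructed for illustration; UDP 1812 and 3799 are the standard RADIUS authentication and CoA ports.

```python
# Constructed addresses (documentation ranges), not taken from the thread.
IAP = "192.168.1.50"          # Instant AP behind the home router
ROUTER_WAN = "203.0.113.10"   # home router public IP
CLEARPASS = "198.51.100.20"   # public IP forwarded to ClearPass at the office
RADIUS_AUTH, RADIUS_COA = 1812, 3799  # UDP ports: authentication, CoA (RFC 5176)


class HomeNat:
    """Hypothetical source NAT with UDP connection tracking and port forwards."""

    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.sessions = {}  # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.forwards = {}  # wan_port -> (lan_ip, lan_port)
        self.next_port = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN to internet: rewrite the source address and remember the flow."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(wan_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.wan_ip, wan_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Internet to WAN: deliver replies to tracked flows or forwarded ports."""
        key = (dst_port, src_ip, src_port)
        if key in self.sessions:
            return self.sessions[key]
        return self.forwards.get(dst_port)  # None means the packet is dropped


def simulate(port_forward_coa):
    nat = HomeNat(ROUTER_WAN)
    if port_forward_coa:
        nat.forwards[RADIUS_COA] = (IAP, RADIUS_COA)
    # 1. The IAP sends an Access-Request; ClearPass sees the router's WAN address.
    seen_ip, seen_port, _, _ = nat.outbound(IAP, 50123, CLEARPASS, RADIUS_AUTH)
    # 2. The Access-Accept comes back on the same flow and is translated to the IAP.
    accept_to = nat.inbound(CLEARPASS, RADIUS_AUTH, seen_port)
    # 3. Later, ClearPass opens a new flow to the device address on UDP 3799.
    coa_to = nat.inbound(CLEARPASS, 40001, RADIUS_COA)
    return {"nad_ip_seen": seen_ip, "accept_to": accept_to, "coa_to": coa_to}


if __name__ == "__main__":
    print("no port forward:  ", simulate(False))
    print("UDP 3799 forwarded:", simulate(True))
```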




