Contributor II

Clearpass - Logical Interfaces

Hi there,


We're currently using a Captive Portal for our Guest Internet connectivity which is hosted on Clearpass, which at this early stage is just using the private IP address of a VIP within Clearpass for the URL, I'm looking to make this look a little nicer by using a domain within the URL.


Our issue currently is that the domain we're looking to use resolves against a Public IP address (our guest environment is using Public DNS servers) and due to company restrictions, we can't have a public facing DNS entry resolve against an internal IP address.


So, I'm looking to understand if it's possible to have some sort of logical IP entry within our Clearpass infrastrcture, that will enable clients to perform a DNS lookup for the Clearpass portal URL '' - Which resolves to a Public IP address, for which the Clearpass devices would reply to any traffic requests should we route the traffic for the Public IP address in to Clearpass.


I've played with the idea of changing the URL so something internal, but we as we're using public DNS servers this is a non-starter. Also, within the network equipment involved in the Guest DMZ, we dont have the ability to perform any sort of network address translation. The logical interface within CPPM seems our only option at the moment.


Appreciate people's thoughts.



Re: Clearpass - Logical Interfaces

If the data port is tied to the DMZ see if your firewall can do a DNS proxy only for the ClearPass guest URL

Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Architect @WEI
Contributor II

Re: Clearpass - Logical Interfaces

Unfortunately, that isn't something we'll be able to achieve using the Firewall within this environment.

Guru Elite

Re: Clearpass - Logical Interfaces

Your only option would be to use views functionality on your DNS server then.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
Showing results for 
Search instead for 
Did you mean: