Security

Reply
Occasional Contributor II

Clearpass and NADs with overlapping IPs

Hello

 

Could you please explain, how should I solve the following situation.

Two companies authenticate with the same Clearpass. Both have NAD network, but they use the same ip ranges (lets say 192.168.100.0/24).

They are connected to the CPPM over some L3 network (which can take some advanced functionality if required).

 

So, CPPM can't route back Radius packets.. Even adding a NAD is complicated, because they are using the same IP addresses.

 

Two feasible solutions come to my mind - it's NAT and Radius proxy.

NAT: i'm not sure, that there is NAT which could rewrite inside Radius packets, not only the IP source/destination. So, i'm not sure if it will work.

Radius proxy: Knowing nothing about 'Radius proxies' (what is it - haproxy working on 1812?) i'm also not sure if I'd be able to differentiate devices while creating them in CPPM.

 

Could you please advise with some keywords on what technology i should use here? (beside re-addressing ;) but it's last resort..).

 

Thank you!

MVP Guru

Re: Clearpass and NADs with overlapping IPs

Surely, just using NAT on one of the customers traffic would solve this.

Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: