Hi,
I have a large corporate network where all wireless guest traffic is currently tunnelled (via GRE tunnels on Cisco routers) to a secure DMZ where the traffic goes through a captive portal appliance (not Aruba). The APs are a mixture of Cisco and Aruba, both autonomous and controller-based.
We're looking to replace this captive portal device with Aruba controllers and ClearPass.
My question is, as the traffic coming into the controller will come from different sites and will be hitting the controller's wired port, does this limit the functionality provided by ClearPass?
At the moment, we are looking at a self-service portal for guests and onboarding corporate devices.
I envision that the non-corporate user at the site will connect to the "guest" SSID, where their traffic (via the Cisco router GRE tunnel) will be routed and will hit the controller's wired port, where a policy is configured to enable a web page to appear. The web page will instruct the users to choose either "Self-service" or "corporate".
If they choose Self-service, they'll go through that process and then be given a role that allows access only to the Internet.
If they choose corporate, this will onboard their device and then instruct them to connect to a different EAP-TLS enabled SSID, which is broadcast on the APs at the site where they reside.
Thoughts/flaws/suggestions on this design would be appreciated.
Thanks