Contributor I

ClearPass design for large multi-vendor wireless network



I have a large corporate network where all wireless guest traffic is currently tunnelled (via GRE tunnels on Cisco routers) to a secure DMZ where the traffic goes through a captive portal appliance (not Aruba). The APs are a mixture of Cisco and Aruba, both autonomous and controller-based.


We're looking to replace this captive portal device with Aruba controllers and ClearPass.


My question is, as the traffic coming into the controller will come from different sites and will be hitting the controller's wired port, does this limit the functionality provided by ClearPass?


At the moment, we are looking at a self-service portal for guests and onboarding corporate devices.


I envision that the non-corporate user at the site will connect to the "guest" SSID, where their traffic (via the Cisco router GRE tunnel) will be routed and will hit the controller's wired port, where a policy is configured to enable a web page to appear. The web page will instruct the users to choose either "Self-service" or "corporate".


If they choose Self-service, they'll go through that process and then be given a role that allows only access to the Internet.

If they choose corporate, this will on-board their device and then instruct them to connect to a different EAP-TLS enabled SSID, which is broadcast on the APs at the site where they reside.


Thoughts/flaws/suggestions on this design would be appreciated.



Guru Elite

Re: ClearPass design for large multi-vendor wireless network

In general this CAN work. You need to contact a ClearPass Specialist to ensure that all of the parts of this will work with your current setup. The details of this design need to be reviewed by someone who is aware of all the specifics of your network and is proficient in ClearPass. Depending on decisions you choose to make, the design and deployment of such a design can be complicated, and it is best that someone is there to advise you every step of the way.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*