I've been searching around the forums and there is a lot of good information but I haven't found a solution for this.
I'm not sure of the proper way to set up my guest wireless access. It seems that I either have to choose to allow them access to the internal DNS or allow access to ClearPass from a public IP address. This is what is happening.
The controller and ClearPass both sit on the inside network, and the ClearPass server has a hostname of arubaclearpass.domain.com. I have a guest VLAN set up that only gives access to the internet and uses Google's DNS servers of 8.8.8.8 and 8.8.4.4. I have the controller using the ClearPass captive portal located at arubaclearpass.domain.com.
What happens is that when a guest user connects, the controller tries to send it to arubaclearpass.domain.com, and that is not found by the public DNS. I can add that domain name to the public DNS, but then doesn't that open up my ClearPass server to anybody on the internet? If I have the controller route to the IP address of the ClearPass server it works fine, but they get a certificate error message as it's not going to the FQDN.
Alternatively, I can give my guest users access to my internal DNS server and they can get to ClearPass, but I really don't want to allow any access to internal DNS.
Is there any way to have guest access without either allowing internal DNS or public access to the ClearPass server?
Thank you!