@Zsomi wrote:
Dear Community,
Our customer doesn't want to set dns-server IP in ClearPass, because they separate the CP's VM in their network and they won't let the CP access to the DNS-server. They would like to edit the host file instead. Is it possible?
Thank you for your answer in advance!
The short answer is No. CP should be on the side of the "firewall" that allows it to access DNS as well as domain controllers, because if you use 802.1x DNS will be used to discover domain controllers for authentication. If your clearpass box cannot access DNS, please re-consider how you are designing your network.