Wireless Access

Occasional Contributor II

BOC behind internet line needs to connect to Clearpass



For a redesign I'm facing the following design question:

1 of our customer would like to deploy BOC behind a internet line (no fixed IP address) and is natted. The master controller is in the DMZ zone, so we can connect without issue.

However, they also have a clearpass (not in DMZ) that they want to use for captive portal for the guest users. For now the guests are in the same flat IP vlan distrubuted by the ISP (overlapping with the campus network).

How would I proceed so that the clients can connect to the clearpass?

So far I'm thinking of this as a solution:

Create a new routed VLAN on the BOC for the guests, create an IP route on the BOC terminated on the IPsecmap of the master controller and vice versa, with an non overlapping IP range. Source nat the normal user traffic out to the public internet line and direct route the ClearPass traffic via the BOC to the Master and then to the Clearpass.


Would this be possible?

Search Airheads
Showing results for 
Search instead for 
Did you mean: