Wireless Access

Reply
Highlighted
Occasional Contributor II

Captive portal

Hi Team,

 

A customer is seeking to segment their guest traffic tunneled to DMZ instead of using the central ClearPass for authentication and captive portal. There is a choice of using just the controllers in the DMZ to enable this feature.

 

I was looking for some document which talks about the difference or advantages of using a dedicated ClearPass instead of hosting the captive portal on the controllers. That way the customer can choose to go for another ClearPass or settle for controllers. 

 

Many thanks in advance!!

MVP Expert

Re: Captive portal

Hi,

 

The captive portal in the controllers is limited, also the amout of guest accounts.

I would advise to use ClearPass (best practise, a seperate one in the DMZ). With ClearPass the captive portal has many features and different looks. Also the type of guest account can be different and has more options on ClearPass.

You can use multizone if you are running ArubaOS to setup the guest part with controllers in the DMZ.

 

Not really a document, but some differences.

 

 

Cheers, Frank
AirHeads MVP Expert |AMFX#22| ACCX#613| ACMX#733| ACDX#744

If you like my posts, kudo's are welcome. If it solves your problem, please click 'Accept as Solution'
Occasional Contributor II

Re: Captive portal

Thanks Frank, we had planned to use Multizoning for guests in DMZ but the customer wants the guests to be completely separated including their authentications as well. Thanks for the support...

MVP Expert

Re: Captive portal

Hi

With Multizone you need a separate clearpass for guest in the DMZ. So that will work for this case.

Cheers, Frank
AirHeads MVP Expert |AMFX#22| ACCX#613| ACMX#733| ACDX#744

If you like my posts, kudo's are welcome. If it solves your problem, please click 'Accept as Solution'
Guru Elite

Re: Captive portal


@manish.modi wrote:

Thanks Frank, we had planned to use Multizoning for guests in DMZ but the customer wants the guests to be completely separated including their authentications as well. Thanks for the support...


Whether or not you use ClearPass in the DMZ will be determined by the featureset of guest authentication that is needed.  If all of your guest simply will be clicking on "Accept", the Controller Internal Guest page will suffice, since you can import HTML and make it look any way that you want.  If you want guests to be able to automatically be able to request and create accounts, that will require ClearPass in the DMZ.  If your guests were to be managed via the same ClearPass instance as Your internal network, guests are stored in a different database than employees and authentication can easily be differentiated Via NAS-IP address or a number of other radius attributes.  I suggest you speak to your ClearPass Specialist to understand your full options about deploying guest traffic in your DMZ.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: