Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

ClearPass Captive Portal config

  • 1.  ClearPass Captive Portal config

    Posted Jul 29, 2014 02:58 PM

    This is a more broad networking concept question but I am just not quite getting it.

     

    We recently implemented ClearPass for guest access. ClearPass server is at 172.21.1.35 internally. We have a LAN guest network at 192.168.1.0/24 (with a Palo Alto as the default gateway doing DHCP) and a wireless guest network (local to the controller and not routed) at 192.168.10.1/24 for which the controller does DHCP. 

     

    Guest connects to network, gets 192.168.10.X address and is assigned to clearpass_logon role. In order for them to hit the captive portal at 172.21.1.35 we have to NAT 172.21.1.10 (the controller's path to the internal network) to itself but I am not clear why. 

     

    I have to document the connectivity and I see how it works but not why; I am really hung up on why we have to NAT 172.21.1.10 to itself in order to hit the captive portal.



  • 2.  RE: ClearPass Captive Portal config

    EMPLOYEE
    Posted Jul 29, 2014 03:03 PM
    The dst-nat process requires an L3 interface on the controller in order to redirect the traffic.


  • 3.  RE: ClearPass Captive Portal config

    Posted Jul 29, 2014 03:10 PM

    I get that an L3 interface is needed to route the traffic internally, I am not clear why NAT is needed to do this. Can't the L3 interface in 192.168.10.0 (on the controller) route internally by sending to 172.21.1.10 (also on the controller)?