Wireless Access

Hi Airheads,

I want to use a self register captive portal from ClearPass Guest that is in a VLAN10 in Building 1 in my test controller where i configure a SSID with a captive portal authentication that is in the VLAN192 using a ISP modem like DHCP and gateway. There's no way to communicate (to route) the VLAN10 and VLAN192 to assure security of the Data Center. Here is the topology:

The idea is use de VLAN192 for guest, the problem is that this VLAN don't have access to the VLAN of ClearPass. It sounds logical to change the VLAN in the post authentication role but i understand that's not posibble in L3 auth.

I know about the ip cp-redirect-address command to solve this issue but i don't know if this command works for a ClearPass captive portal. I tried and don't work for me. Any suggestions? Thanks in advance.

You can't allow just TCP 443 into VLAN 10?

Thanks capalli but the TCP 443 port is enabled.

I'm confused. So can you not currently access ClearPass from VLAN 192?

No, because Captive ClearPass is in VLAN10 and the VLAN192 is for the ISP modem and the guests. For customer network security, we can not allow inter vlan routing.

Why don't you just source nat the HTTPS/HTTP and DNS traffic directed to ClearPass using an internal address