Wireless Access

Frequent Contributor II

guest network design

Can someone point me to a vrd for a guest network design with clear pass guest... are people putting clear pass guest into dmz or internally? The vrd I have read seems to suggest internally
Occasional Contributor I

Re: guest network design

Hi there,

i've just posted a scenario using IAP's and a ClearPass using external Captive Portal.

Hopefully i will get some support on why my deployment doesnt work.

Check back later for the answers.

link here: http://community.arubanetworks.com/t5/Access-Points-and-Mesh-Routers/IAP-105-and-new-Clearpass-Captive-portal-issues/m-p/38242

Frequent Contributor II

Re: guest network design

Hi john,



I am a begineer, but out of curiousity do you do a source nat on your guest machines IP when they call out to the captive portal?  There was a lot of detail in your post and I wasn't sure if I missed that?  AFAIK the guest machine needs to connect directly to clearpass guest - much like if the guest was accessing a webserver.  So if you are unauthenticated and you had ping open you should be able to ping etc , but VRDs I have read only suggest DNS, DHCP, HTTP (to clearpass) HTTPS (to clearpass) of course


Good luck!



Occasional Contributor I

Re: guest network design

Hi there, you are correct. On the ArubaOS based controllers i can redirect all traffic to the CP device, correct.

On the IAP, your options are somewhat limited ;) thanks for the heads up tho.

Search Airheads
Showing results for 
Search instead for 
Did you mean: