Hi all,
I have a customer who would like to do a ClearPass POC.
They already have an Aruba wireless controller (standalone, version 8.5.0.4).
The design they suggested is a little bit unusual for me, so I would like your opinions and suggestions on whether this configuration is even possible or whether I should redesign it.
If a guest or contractor comes to the customer’s company and wants a wireless connection, they connect to the same SSID (open Wi-Fi). They receive an IP address from a temporary DHCP pool (for example, 192.168.100.0/24) and a captive portal opens (self registration).
Guests coming to the customer’s company will have to fill in a form (self registration), add a sponsor email address, and wait until the sponsor has confirmed their request for Wi-Fi access. After login, the guest user should get a new IP address (192.168.101.0/24) and a new user role with ACLs which only allow access to the Internet.
Any contractors also need to open the captive portal but then select the “I already have an account” option at the bottom of the page. A new page then opens up and they log in with a username and password from Active Directory (a special group in AD). After this is successfully authenticated, they get a new IP address (192.168.102.0/24) and a new user role with ACLs which allow access to specific VLANs (IP segments) in the local network.
I have some concerns about developing this design as per the customer's request, especially with regard to changing the IP address of the user device.
I read that this can be done via CoA bounce switch port or Terminated Session.
Has anyone configured a similar design before? How did the Client (device) react to the change in the IP addresses?
Thank you for your replies.