Hi,
Do you know if DNS Proxy is supported on Eth1 via NAC?
The reason this is required is that we have a Guest wireless bridged directly out the second interface on a pair of wireless controllers to a a dedicated DMZ network for Guest internet traffic only.
Currently we have a pair of NAC appliances whom Eth1 interfaces are in the Guest DMZ network.
Currently I have this working by redirecting to Captive Portal using controller based redirect with the redirect URL pointing to the IP address of one of the NAC appliances.
The reason I have to change this to DNS proxy is that although I have some load balancers available that would support fail-over to either of the NAC's, these do not have direct access to the internal DNS servers in the DMZ network to resolve any URLs I send to them.
With the use of the Load Balancers I just need to configure the controller based redirect to point to a single URL that points to the load balancers, which in turn resolves to either of the NAC devices (via an internal DNS) dependant on which NAC is available.
The problem I have is that in this particular case I'm not able to plum in the DNS directly into the DMZ network so I have nothing to resolve too, so will need to be reliant on DNS Proxy.
Have confiugred DNS proxy as per the following GTAC article:
https://extremeportal.force.com/ExtrArticleDetail?an=000079035
If I connect to the Guest Wireless I don't get redirected to captive portal, although if I put in the IP address of the NAC device in the client you get the captive portal.
In addition if I put in a URL it does get resolved to the correct IP instead of the NACs, so just seems to be a problem with DNS proxy not doing its job and replacing the IP address of the URL with NAC's instead to display the captive portal page.
My concern is that I need an option on the Eth1 interface that is greyed out, as per below:
This is a summary of my wireless rules:
Wireless controller is running version 10.41.01.0082
NAC / Netsight is running version 8.0.3.46
Many thanks in advance
Hi Suresh,
Thanks for replying.
Captive portal is currently working via Eth1 but using the wireless controller redirect, and it also works if I manually point the client to either Eth1 interface of either NAC. The bit I'm not sure about is DNS Proxy support on Eth1, or in addition the way that I am trying to do it.
That's a good point, I'll see if I can set something up to try this on Eth0, and do some of the debugging you have suggesting in the GTAC article.
Here is a diagram of the setup, help you visualise what I have described:
In addition, from the screenshot of my initial post of the Eth1 interface do I need to set the 'mode' to 'Advanced Configuration' and if so what services do I need (if any) to select?
My assumption here is also that you believe DNSProxy should work in this scenario, which is at least one main hurdle out the way with as I can then get down to just debugging it?
Many thanks.
Thanks for replying.
Captive portal is currently working via Eth1 but using the wireless controller redirect, and it also works if I manually point the client to either Eth1 interface of either NAC. The bit I'm not sure about is DNS Proxy support on Eth1, or in addition the way that I am trying to do it.
That's a good point, I'll see if I can set something up to try this on Eth0, and do some of the debugging you have suggesting in the GTAC article.
Here is a diagram of the setup, help you visualise what I have described:
In addition, from the screenshot of my initial post of the Eth1 interface do I need to set the 'mode' to 'Advanced Configuration' and if so what services do I need (if any) to select?
My assumption here is also that you believe DNSProxy should work in this scenario, which is at least one main hurdle out the way with as I can then get down to just debugging it?
Many thanks.
