Adding a static route to ClearPass can be tricky, which is why I would like to complete the previous answer.
Before adding a static route, pay attention to the routing rules already in place:
network ip list
Here you'll see some IP rules, and some of them concern incoming traffic, like:
10020 : from all to 10.0.0.0/24 lookup mgmt
This basically means "for all incoming datagrams going to the 10.0.0.0/24 network, follow the mgmt interface and the default gateway".
If you add a static route without specifying a rule id (like this):
network ip add mgmt -d x.x.x.x
this will create an entry with id=12000 and you'll have a very uncommon behaviour:
- From ClearPass itself, you will be able to reach the destination (you pass through id=12000)
- From the distant subnet, you'll not be able to get a reply from ClearPass (you pass through id=10020)
This could be very tricky, especially when you expect a RADIUS reply (because you'll see the RADIUS request in the Access Tracker), but as the RADIUS reply packet goes through the default gateway, you'll never get it from the NAS point of view...
So the definitive good way of adding a static route to ClearPass is to specify a rule ID which takes precedence over the default incoming rules (for instance 500), so the command looks like:
network ip add mgmt -i 500 -d x.x.x.x/24 -g y.y.y.y
This way, both initiating and incoming communication will work.
Regards,
Laurent Asselin.