@mattjhughes wrote:
Thanks Ryan, Yea that is a bummer. I will either create a few different auth groups based on location, or mac address (1-5,6-a,b-f) and have each go to a different server. It would be nice if they did a more distributed load. I just placed all my campus on Clearpass and I see only 1 AD server getting hammered.
Mattjhughes,
If you wanted to do that, you would instead setup a number of specific radius servers in your environment and set them up as Proxy Targets:
You would then create a radius Proxy Service and set your scheme to load balance:
You would have to setup a radius server service (IAS, NPS) on whatever of your internal servers you want authentication proxied to.
You can use role mapping based on incoming attributes or attributes received from your Radius server and in turn send back an enforcement policy.
So tl;dr, point to the ClearPass server with the Radius Proxy service configured and it will load balance it to your Radius Servers.