Hi Tim,
They use both private and public IP ranges internally. Clearpass is not directly connected to the internet, only radius is allowed through the firewall to the federal servers using the public IP addresses to communicate.
I was thinking about NAT but the current network admin isn't trustworthy and his contract is terminated by tomorrow. My NAT knowledge is limited on Cisco ASA and the system administrators couldn't help me either. Information on a contact for the Federal radius servers took several weeks to figure out by the staff.
School opens Monday after summer break so I was out of time to rebuild the cluster (which went live 3 weeks ago for the school staff) so I have chosen the dataport route. Eduroam is operational and I don't think I can get the changes done at Federal overnight.
As said, radius and portals are working fine. I just need some advise on best practice since I need to add yet another SNMP community to all the switches so I can change the radius settings in one go.
thanks
Erik