Yes, the controller has an IP on the vlan1 side where the ClearPass server is and an IP address on the vlan 2 side. The controller is the DHCP server for the vlan 2 side as well. I thought creating a route at the gateway/firewall would work but it didn't. If it doesn't see it locally it will send it to the gateway, and I had a rule there but that didn't work. I also had an ACL on the switch to pass traffic between the controller vlan 2 IP and the ClearPass vlan1 IP, but it occurs to me as I am writing this that the guests on vlan2 need some sort of access to the ClearPass server, since that is where the authentication comes from as well as the guest portal.
How do I get the controller to route the traffic then or am I going about this all wrong?
I need to have the guest access on a separate vlan for how our firewall is set up.