Security

Hi,

I'm trying to return the clearpass FQDN using a Radius enforcement profile.

It has to do with guest auth and mac-caching

The idea is that MAC authentication could be load-balanced on 2 Clearpass appliances in different subnets. However, if the device is not in the endpoint db, I want sent the redirect URL that is directed to the Clearpass appliance that receives the authentication.

Perhaps I'm looking at this in a wrong way. But if there is a variable that would return the FQDN I could make the enforcement profile dynamic.

Which VSA are you trying to return this in?

In this case it is with Ruckus. 
But with another customer I am doing the same thing with cisco wired web auth. There I just configured rules in the policy "if dest.ip==ip clearpass-A then return url https://FQDN Clearpass-A/guest/portal.php.
I don't really like that solution since it requires multiple profiles and policy rules. It isn't bad if there are just 2 appliances. But when you set it up with a bunch of subscribers, FQDN or IP changes can cause a lot of work and opportunity for mistakes.

I was thinking about returning it in the WISPr redirection url. Inserting the FQDN in the URL itself.