Hi guys,
Today I was in a config where I have two master controllers and two local controllers. The two controller pairs are on differnt geographical locations. I got also 2 Clearpass Servers running in publisher, subscriber mode. The publisher is in the same location as the master controllers and the subscriber node is more or less at the same location as the local controllers.
What I try to achieve is that the local controllers use the subscriber node to authenticate the users they are serving and vice versa (master controllers -> publisher node). So far my setup works as desired. I can see that the authentication for a client on a local controller is performed by the subscriber node. But the I looked closer in the access tracker entry and I saw that the NAD device IP isn't the IP address of the local controller but the master controllers IP address.
In my understandig the request is sent (proxied) by the master controller (NAD IP).
So my question is: Is the request processed by the local controller then sent to the master to proxy it?
In my understanding all client traffic which comes from a AP connected to an local controller is handled by the local controller. Is there any exeption regarding the authentication traffic?
Is there any chance of a config change which I can do?
thanks in advance!!