Reading guides and following discussions, I understand that best practice is to use the Management Port only. If the Data Port is introduced, then the Management Port should be used to access the ClearPass and all authentication and the Guest traffic should go via the Data Port.
My current deployment is as follows: I use the Management Port to access the appliance and use it for 802.1X and MAC Auth. The clients reside in a different VLAN, so I added a static route to send the answers back from where they came.
The Data Port is configured in the Guest VLAN and directly attached to the Firewall. This is to have the Guest traffic run over its own interface, physically separated from internal traffic.
Is this setup also recommended or feasible?