02-04-2016 09:12 AM
I am curious about using a catchall subnet for our company in CPPM, since we have over 750 devices that we wish to point to CPPM for RADIUS authentication. We are using CPPM to point to Active Directory and hit upon a particular network admin profile so that it returns the proper role; it's not like anyone can just authenticate to it.
Is there anything wrong with just using a catchall subnet, like 10.0.0.0/8 to cover our internal network, instead of entering every single device in there one by one? I also was working on an XML file that I could import, but even that takes forever to make with 750 devices.
What are the downsides or concerns of using a catchall subnet in the Devices tab on CPPM?
02-04-2016 09:14 AM
02-04-2016 09:18 AM
Thank you, this is what I expected.
But what makes this loose on the security side if we are manually pointing the devices to the CPPM and it checks against AD for a particular group membership before granting access?
02-07-2016 01:27 PM
You don't control anymore which devices can use ClearPass. So someone could introduce a device and have that do regular authentication against the ClearPass while perhaps sniffing credentials.
The chance isn't that great, I think, and they still need the shared secret also.
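The trade-off discussed in this thread can be put in numbers. The following is an added example, not part of any post above: it compares a 10.0.0.0/8 catchall with per-subnet and exact CIDR entries, and flags RADIUS request sources that an entry list would accept although they are not in the device inventory. All addresses are constructed sample data, and the output is not a ClearPass import format.

```python
import ipaddress

# Constructed sample data (not from the thread): inventoried NAD management IPs
# and source IPs seen on incoming RADIUS requests.
INVENTORY = ["10.1.10.1", "10.1.10.2", "10.1.10.3", "10.1.10.4",
             "10.1.20.17", "10.2.0.254", "10.2.0.255"]
OBSERVED = ["10.1.10.2", "10.1.20.17", "10.1.10.77", "10.9.9.9"]
CATCHALL = ipaddress.ip_network("10.0.0.0/8")


def exact_entries(addresses):
    """Smallest CIDR list that matches the inventoried addresses and nothing else."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(a) for a in addresses))


def subnet_entries(addresses, prefix=24):
    """One entry per management subnet of the given prefix length."""
    nets = {ipaddress.ip_network(a).supernet(new_prefix=prefix) for a in addresses}
    return list(ipaddress.collapse_addresses(nets))


def uninventoried_space(entries, addresses):
    """Count of addresses the entries accept that are not in the inventory."""
    return sum(n.num_addresses for n in entries) - len(set(addresses))


def unknown_sources(entries, addresses, observed):
    """Observed request sources that the entries accept but the inventory lacks."""
    known = {ipaddress.ip_address(a) for a in addresses}
    hits = []
    for src in map(ipaddress.ip_address, observed):
        if src not in known and any(src in n for n in entries):
            hits.append(str(src))
    return hits


if __name__ == "__main__":
    for label, entries in [("catchall /8", [CATCHALL]),
                           ("per-/24", subnet_entries(INVENTORY)),
                           ("exact", exact_entries(INVENTORY))]:
        print(f"{label:12} entries={len(entries):2} "
              f"uninventoried={uninventoried_space(entries, INVENTORY):>8} "
              f"unknown_sources={unknown_sources(entries, INVENTORY, OBSERVED)}")
```

If the catchall is kept for convenience, running the `unknown_sources` check against the sources actually seen in the RADIUS logs gives back some of the visibility that per-device entries would have provided.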