Security

Reply
Contributor I
Posts: 23
Registered: ‎02-19-2017

ClearPass rules combined or split?

I was at recent event and a discussion came up about clearpass deployments.

 

Some say for better proformance you should combine your clearpass service rules e.g. mac auth/social into one rule, others say you should split them out as it makes it easier to troubleshoot.

 

What is the community view?

 

Guest Blogger
Posts: 21
Registered: ‎02-20-2015

Re: ClearPass rules combined or split?

My personal preference is to combine as much as possible in one service. But I make a distinction between wired, wireless and management services. 

 

And I use "dividers" to order the services in a more readable way.

services.png

@rene_booches | ACMX #438 / ACCP / CCNP Routing & Switching / CEH
Co-owner/Solution Specialist@4IP / blog owner@booches.nl
Guru Elite
Posts: 8,338
Registered: ‎09-08-2010

Re: ClearPass rules combined or split?

There's not a one size fits all answer. Literally every ClearPass deployment is different in some way.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 23
Registered: ‎02-19-2017

Re: ClearPass rules combined or split?

Tim, this is true no clearpass is same, i have deployed multiple CPPMs of varing sizes and none are them same.

 

It does bring up the point, however there is no clear, best practice guide on deployments.

Search Airheads
Showing results for 
Search instead for 
Did you mean: