Security

Hi,

I am new to ClearPass. I know it can be used as a RADIUS and TACACS+ server. I would like to know:

1. Can it be used as a DNS Server or to help resolve or Force DNS resolution? If there is a conflict in the DNS name assignment can clear pass be used to force it? It coudl be that all I mentioned is not part of ClearPass capabilities but I would liek to understand it a little bit. We get IP from DHCP server pool and the name is not machine specific so I was wondering if CP can help.  

2. Can ClearPass be used as DHCP server or can it be integrated with DHCP? 

3. How does ClearPass work in a LAN environement during a user network login process and if it has any role in IP assignement and DNS resolution?

 

Thanks

Sunshine !

1) No

2) It cannot be a DHCP server but if your DHCP server has an XML API,
you could write some hooks

3) ClearPass is an authenticatoin server. IP assignmet is done based on
subnet/VLAN after authentication for 802.1X and MAC-auth and
pre-authentication for web authentication.

Thanks, cappalli,

So what information does it get from AD for user authentication. I thought it could use AD information and DNS record to pass it on to client while authentication process is performed. Can you briefly describe role of AD and how does it work with CP?

 

I also know we can do Dynamic VLAN assignment? Can it overwrite the VLAN assignment from DHCP?

If you look in the AD authentication source, you can see all of the attributes that are pulled in. You can also add additional AD attributes.

 

The user authenticates to AD via ClearPass and the attributes are pulled in for authorization.

 

DHCP happens after VLAN assignment.