Security

Reply
Occasional Contributor II

MAC Authentication Survivability

We have a scenario where IoT type devices are authenticated using PSK / MAC auth with ClearPass at a WAN connected site.

 

We'd like to avoid a situation where the WAN goes away and devices are unable to MAC auth via ClearPass.

 

Is there any mechanism in the controller which can cache the last known authentication result within a defined period of time?

Re: MAC Authentication Survivability

That's not possible today

Your only option is to use the controller internal db as an additional backup if the list of Mac addresses isn't too big

Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: MAC Authentication Survivability

Looks like authentication-survivability will work though?

 

My only question with that is what happens with a bridged mode SSID if the controller goes away?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: