06-07-2016 06:28 AM
We currently have a ClearPass cluster that is mainly used for wireless authentication (EAP-MSCHAPv2) and guest wireless. We are using ClearPass for TACACS/PAP authentication for some routers and other network devices that were recently moved from our legacy TACACS server. Currently we are doing a little under 3 million auths/day.
The legacy TACACS server is still being used for our edge switch AAA, and this is about 250K auths/day. Most of this is due to our NAC, and it is using a local account for login, so no LDAP/AD is being utilized for these auths (i.e., low resources). I'd like to move all auths off this server to either the existing ClearPass cluster or a separate new TACACS/RADIUS environment.
I've been reading that some folks like to have a separate environment for their network device auths and others don't have a problem combining them. I'd like to get opinions on what you are doing and why you think it is a good solution. Personally, at this time I'm leaning towards having a single environment for the auths.
06-14-2016 06:20 AM
A single environment makes it easier to use features available through ClearPass Exchange such as updating your firewall solution with user information.
ACDX #98 | ACMP | ACCP