Contributor I
Posts: 23
Registered: ‎09-17-2012

Opinions on network device authentication

Hello,

We currently have a ClearPass cluster that is mainly used for wireless authentication (EAP-MSCHAPv2) and guest wireless. We are using ClearPass for TACACS/PAP authentication for some routers and other network devices that were recently moved from our legacy TACACS server. Currently we are doing a little under 3 million auths/day.

The legacy TACACS server is still being used for our edge switch AAA, and this is about 250K auths/day. Most of this is due to our NAC, and it is using a local account for login, so no LDAP/AD is being utilized for these auths (i.e., low resources). I'd like to move all auths off this server to either the existing ClearPass cluster or a separate new TACACS/RADIUS environment.

I've been reading that some folks like to have a separate environment for their network device auths and others don't have a problem combining them. I'd like to get opinions on what you are doing and why you think it is a good solution. Personally, at this time I'm leaning towards having a single environment for the auths.

TIA

MVP
Posts: 226
Registered: ‎03-03-2011

Re: Opinions on network device authentication

A single environment makes it easier to use features available through ClearPass Exchange such as updating your firewall solution with user information.

David
ACDX #98 | ACMP | ACCP