I'm integrating clearpass with cisco NAD switcches 2960,3650,samll bussiness now the ting is that customer want the users to keep working normally in case of clearpass total failuer ,so what is the best thing to do to achive that ?
You could give this a try:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_nac/configuration/15-mt/sec-usr-nac-15-mt-book/sec-nat-auth-fail-op.pdf
The other option is to set an auth-failed VLAN assignment on the switch port, which would allow access even if authentication failed, but could set that to an internet only VLAN or something to keep them somewhat functional.
I would also make sure there are at least (2) CPPM servers configured for redundancy and have them physically seperated in case of power outage in a given building.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.