Security

Reply
New Contributor

hi guy,i have a question,please help me!

I'm integrating clearpass with cisco NAD switcches 2960,3650,samll bussiness now the ting is that customer want the users to keep working normally in case of clearpass total failuer ,so what is the best thing to do to achive that ?

Re: hi guy,i have a question,please help me!

You could give this a try:

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_nac/configuration/15-mt/sec-usr-nac-15-mt-book/sec-nat-auth-fail-op.pdf

 

The other option is to set an auth-failed VLAN assignment on the switch port, which would allow access even if authentication failed, but could set that to an internet only VLAN or something to keep them somewhat functional.

 

I would also make sure there are at least (2) CPPM servers configured for redundancy and have them physically seperated in case of power outage in a given building.


Michael Haring
Architecture and Implementation Consultant
Optiv Security Inc.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: