I am curious about using a catchall subnet for our company in CPPM, since we have over 750 devices that we wish to point to CPPM for RADIUS authentication. We are using CPPM to point to Active Directory and hit upon a particular network admin profile so that it returns the proper role; it's not like anyone can just authenticate to it. Is there anything wrong with just using a catchall subnet, like 10.0.0.0/8 to cover our internal network, instead of entering every single device in there one by one? I also was working on an XML file that I could import, but even that takes forever to make with 750 devices. What are the downsides or concerns of using a catchall subnet in the Devices tab on CPPM?
Thank you, this is what I expected. But what makes this loose on the security side if we are manually pointing the devices to the CPPM and it checks against AD for a particular group membership before granting access?
You don't control anymore which devices can use ClearPass. So someone could introduce a device and have that do regular authentication against ClearPass while perhaps sniffing credentials.
The chance isn't that great, I think, and they still need the shared secret also.
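To put a number on the trade-off discussed in this thread, here is an added example (not part of the original posts and not ClearPass code) that compares a 10.0.0.0/8 entry with per-subnet entries derived from a device inventory. The inventory addresses, the /24 grouping, and the function names are constructed assumptions.

```python
import ipaddress

# Constructed inventory: management IPs of devices that send RADIUS requests.
INVENTORY = (
    [f"10.1.10.{i}" for i in range(1, 21)]
    + [f"10.1.11.{i}" for i in range(1, 6)]
    + [f"10.20.0.{i}" for i in range(1, 4)]
)

def summarize(device_ips, prefix_len=24):
    """Map each device to its enclosing /prefix_len, then merge adjacent networks."""
    nets = {
        ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        for ip in device_ips
    }
    return list(ipaddress.collapse_addresses(nets))

def unknown_sources_allowed(networks, device_ips):
    """Count addresses inside the allowed ranges that are not inventoried devices."""
    devices = {ipaddress.ip_address(ip) for ip in device_ips}
    total = sum(n.num_addresses for n in networks)
    known = sum(1 for d in devices if any(d in n for n in networks))
    return total - known

def is_accepted(src_ip, networks):
    """True if a request from src_ip would match one of the allowed ranges."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in n for n in networks)

CATCHALL = [ipaddress.ip_network("10.0.0.0/8")]
SCOPED = summarize(INVENTORY)

if __name__ == "__main__":
    # 10.99.5.5 stands in for a device that is not in the inventory (constructed).
    for label, nets in (("catchall", CATCHALL), ("scoped", SCOPED)):
        print(
            label,
            [str(n) for n in nets],
            "non-inventory addresses allowed:",
            unknown_sources_allowed(nets, INVENTORY),
            "10.99.5.5 accepted:",
            is_accepted("10.99.5.5", nets),
        )
```

Matching an allowed range only gets a request considered; as the reply above notes, the sender still needs the shared secret.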