Security

last person joined: 4 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass admin login - via external RADIUS server

  • 1.  ClearPass admin login - via external RADIUS server

    Posted Dec 12, 2019 06:49 AM

    I just want to make sure I'm clear and up to date on this - is TACACS+ and local users the only option for admin user login to CPPM boxes? I have read that this is the case but the info was a few years old.

     

    We have an external RADIUS server which we use for management logins to our general network equipment so it would be ideal to use this for admin login to CPPM if possible.

     



  • 2.  RE: ClearPass admin login - via external RADIUS server

    Posted Dec 12, 2019 11:27 AM

    I have the same issue you do. First they tell me to use SAML SSO for admin log in but that causes issues as our clearpass server doing management log in doesn't share same certs and has to rely on other parts of the infrastructure. If oyu use TACACS+ you can only specify 1 IP address which breaks redundancy since my 3 Clearpass for management accounts are in different subnets. This futhure puts more reliance on other parts of our network for something that needs to run independant of failures of things on the network.