Hi All,
Me and my client want to go one step futher with our Proof of Concept ClearPass Cluster and hook it to a 'live' environment. We are using 802.1x and MAB on Wired and setup a few services.
The part that is unclear to me, how can I apply the monitoring mode (not just on the ClearPass services), but also on the authenticator devices?
In my view; once I configure a 'live' switch to use ClearPass as a RADIUS-server, configure the switch ports, and set all CPPM services in monitor mode, all traffic is unable to authenticate, and thus, will have no access to the internal network? This is not what I want when 'monitoring' the policies on a live-environment..
My question is: What is a good way to extent the Proof of Concept to a real environment without enforcing the policies? What is the best-practice on using monitoring mode?
I hope you guys understand my question, thanks in advance!
------------------------------
Lex
------------------------------