  • 1.  ClearPass Azure Hosted Inquiry

    Posted Feb 14, 2025 01:03 PM

    Bit of an open-ended question, but we currently have two CP servers on-prem and are using them for both wired and wireless 802.1x authentication and guest Wi-Fi access. We have started to look at hosting CP in Azure, but in some reading it sounds like we might not be able to support 802.1x. Can anyone shed any insight on moving to Azure along with maintaining the current deployment, or does it need some large-scale changes?

    Thanks very much,



  • 2.  RE: ClearPass Azure Hosted Inquiry

    Posted Feb 14, 2025 10:56 PM

    Well, the trick there is the 802.1x, and this is because:
    - ClearPass uses RADIUS for 802.1x authentication (UDP) and Azure does not support UDP load balancing in the same way as you would have it on-prem.
    - Latency between the network devices doing the auth-request towards the Azure-hosted CPs could impact the performance and you might receive a lot of EAP timeouts (maybe you can play here with timers). 802.1x relies on timely responses, and latency between the NAD and CP could be a headache if there is latency.
    - Azure can be geographically distributed and that is also latency.
    - If you are using Captive Portal redirection in your configuration/scenarios, you need to ensure external accessibility and proper DNS resolution. You also need to create a secure connection between Azure and your network devices. You might need to add a VPN or ExpressRoute for secure communication (with this said, again more latency).

    As a possible solution, you could use Azure Stack with a hybrid approach, which would give you the option to have 802.1x in a ClearPass located on-prem and the Guest WiFi, BYOD against the Azure hosted on cloud. Site-to-Site VPN would enable you to do RADIUS authentication and UDP transport, but you should keep in mind the latency for 802.1x.


    Hope this was the answer you wanted to hear.



    ------------------------------
    Shpat | ACEP | ACMP | ACCP | ACDP
    Just an Aruba enthusiast and contributor by cases
    If you find my comment helpful, KUDOS are appreciated.
    ------------------------------
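
Added example, not part of the thread or of any participant's post: a probe that measures RADIUS round-trip time and loss from a site toward a cloud-hosted server, which is the number the EAP-timeout concern above depends on. It assumes the server answers Status-Server (RFC 5997) on the authentication port and that the probing host is defined as a RADIUS client with the shared secret; the thread does not say whether ClearPass does, and the function names are hypothetical.

```python
import hashlib, hmac, os, socket, struct, time

STATUS_SERVER = 12   # RADIUS packet code for Status-Server (RFC 5997)
MSG_AUTH = 80        # Message-Authenticator attribute type

def build_status_server(secret, ident, authenticator=None):
    """Status-Server request carrying the mandatory Message-Authenticator."""
    authenticator = authenticator or os.urandom(16)
    header = struct.pack("!BBH", STATUS_SERVER, ident, 38) + authenticator
    # HMAC-MD5 over the whole packet with the attribute value zeroed
    zeroed = header + bytes([MSG_AUTH, 18]) + bytes(16)
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return header + bytes([MSG_AUTH, 18]) + mac

def verify_response(secret, request, response):
    """Check ID, length and Response Authenticator (RFC 2865 section 3)."""
    if len(response) < 20:
        return False
    _code, ident, length = struct.unpack("!BBH", response[:4])
    if ident != request[1] or length != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def probe(host, secret, port=1812, count=5, timeout=2.0):
    """Return one RTT in ms per probe, or None where no valid reply arrived."""
    rtts = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for ident in range(count):
            request = build_status_server(secret, ident)
            start = time.monotonic()
            sock.sendto(request, (host, port))
            try:
                response, _ = sock.recvfrom(4096)
            except socket.timeout:
                rtts.append(None)
                continue
            elapsed = (time.monotonic() - start) * 1000
            # A late or forged reply fails verification and counts as a loss
            rtts.append(elapsed if verify_response(secret, request, response) else None)
    return rtts

def summarize(rtts):
    """Loss ratio and worst RTT: the two numbers that drive NAD timer tuning."""
    ok = [r for r in rtts if r is not None]
    return {"loss": 1 - len(ok) / len(rtts), "max_ms": max(ok) if ok else None}
```

Run `summarize(probe(host, secret))` from the site where the NADs live, across the same VPN or ExpressRoute path they would use, and compare the worst RTT against the RADIUS timeout and retry settings on the switches and controllers.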



  • 3.  RE: ClearPass Azure Hosted Inquiry

    Posted 30 days ago

    Thanks very much for the reply and details - much appreciated.

    Certainly gives us some ideas to mull over for sure, and see what the best fit might be.

    Thanks very much again for the details. 




  • 4.  RE: ClearPass Azure Hosted Inquiry

    Posted 30 days ago

    We have 2x ClearPass VMs in Azure and are doing 802.1x authentication using Entra ID and Intune. It is working fine, although we have some EAP timeout packets, but the end users don't notice any issues.




  • 5.  RE: ClearPass Azure Hosted Inquiry

    Posted 29 days ago

    Thanks for the reply and details. Do you folks use it for Guest Wi-Fi authentication, or how do you handle that aspect?
    Thanks very much,




  • 6.  RE: ClearPass Azure Hosted Inquiry

    Posted 29 days ago

    You would do that similar to what you would do on-premises. Make sure that from the guest network the ClearPass is accessible on HTTPS, which you probably want to do through a VPN/connection between your site and your VPC/deployment in Azure.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 7.  RE: ClearPass Azure Hosted Inquiry

    Posted 28 days ago

    Thanks all for the feedback and information - much appreciated. Certainly gives us some further insight into the plan and next steps for making the move.

    Appreciated again,