Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Fail open when ClearPass unreachable

  • 1.  Fail open when ClearPass unreachable

    Posted Jan 04, 2020 02:06 PM

    Hello

    I have ClearPass installed in my environment and it is working properly now. I just want to ask a question: if the ClearPass server goes down, how can I bypass all traffic? In other words, how can I fail open once ClearPass goes down?

    What should I configure on the switches to bypass the traffic in case of failure?

    Please note that I have Cisco 2960 switches.

    Thanks,

    Amjad



  • 2.  RE: Fail open when ClearPass unreachable
    Best Answer

    Posted Jan 04, 2020 02:52 PM

    A good CPPM/RADIUS design should cater for a single node going down; however, if your NADs are remotely connected to a centralized CPPM deployment, then in the event of a WAN failure you need to plan accordingly.

     

    Have you looked at the critical-vlan/critical-authentication options?

     

    https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_010000.html
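
A sketch of the critical-authentication (critical VLAN) approach the answer points to, added here as an example; it is not configuration from either poster or from the linked guide. The interface name, VLAN 999 and the timer values are assumptions, and the existing AAA/RADIUS server definitions for ClearPass are assumed to be in place already.

```cisco
! Added example: values below are placeholders, adjust to the environment.
!
! Mark a RADIUS server dead after 5 s without a response and 3 failed tries,
! then leave it marked dead for 10 minutes before sending it requests again.
radius-server dead-criteria time 5 tries 3
radius-server deadtime 10
!
! Send EAPOL-Success to the supplicant when a port is authorized by the
! critical (server dead) path, so the client does not keep retrying.
dot1x critical eapol
!
interface GigabitEthernet1/0/1
 description 802.1X access port (constructed example)
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
 ! Fail open: when every configured RADIUS server is dead, authorize the
 ! port into the critical VLAN (999 is an assumed, pre-created VLAN).
 authentication event server dead action authorize vlan 999
 ! When a server comes back, re-authenticate hosts that were let in on
 ! the critical path so normal ClearPass policy applies again.
 authentication event server alive action reinitialize
```

Every host that connects during an outage lands in the critical VLAN without being authenticated, so that VLAN should carry only the access the site is prepared to grant unauthenticated devices. `show authentication sessions interface GigabitEthernet1/0/1` shows whether a port is currently authorized through the critical path.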