  • 1.  Opinions on network device authentication

    Posted Jun 07, 2016 09:29 AM

    Hello,

     

    We currently have a Clearpass cluster that is mainly used for wireless authentication (EAP-MSCHAPv2) and guest wireless. We are using Clearpass for TACACS/PAP authentication for some routers and other network devices that were recently moved from our legacy TACACS server. Currently we are doing a little under 3 million auths/day.

     

    The legacy TACACS server is still being used for our edge switch AAA, and this is about 250K auths/day. Most of this is due to our NAC, and it is using a local account for login, so no LDAP/AD is being utilized for these auths (i.e., low resources). I'd like to move all auths off this server to either the existing Clearpass cluster or a separate new TACACS/RADIUS environment.

     

    I've been reading that some folks like to have a separate environment for their network device auths and others don't have a problem in combining them. I'd like to get opinions on what you are doing and why you think it is a good solution. Personally, at this time I'm leaning towards having a single environment for the auths.

     

    TIA



  • 2.  RE: Opinions on network device authentication

    Posted Jun 14, 2016 09:20 AM

    A single environment makes it easier to use features available through ClearPass Exchange such as updating your firewall solution with user information.