Hello,
We currently have a Clearpass cluster that is mainly used for wireless authentication (EAP-MSCHAPv2) and guest wireless. We are using Clearpass for TACACS/PAP authentication for some routers and other network devices that were recently moved from our legacy TACACS server. Currently we are doing a little under 3 million auths/day.
The legacy TACACS server is still being used for our edge switch AAA, and this is about 250K auths/day. Most of this is due to our NAC, and it is using a local account for login, so no LDAP/AD is being utilized for these auths (i.e., low resources). I'd like to move all auths off this server to either the existing Clearpass cluster or a separate new TACACS/RADIUS environment.
I've been reading that some folks like to have a separate environment for their network device auths and others don't have a problem combining them. I'd like to get opinions on what you are doing and why you think it is a good solution. Personally, at this time I'm leaning towards having a single environment for the auths.
TIA