Security

Hi, 

 

Is it possible to allocate a certain amount of ClearPass licenses to a certain type of authentication/ SSID? We're developing a guest service, using social media accounts. We have 100k licenses to use but as the number of authentications we will have to process, on a daily basis, is somewhat unknown, we thought we could perhaps limit the amount/ or allocate a portion for one particular service - so BAU authentications are not affected. 

 

I have seen in previous posts that there is no hard limit, on ClearPass versions 6.6 and 6.7, regarding license usage and error messages are sent to warn of over usage. Is this also the case in 6.8.5.1? 

 

Other posts suggest capping the maximum associations to the SSID profiles, is this the best way to control the usage without having to complicate things with the license limits? 

 

Thanks, Adam 

 

Unfortunately no way to allocate licenses like that , but in 6.7 and onwards ClearPass count guest licenses are now part of your Access Licenses.

The way it ClearPass calculates licenses is based on concurrent devices using Accounting.

Once way you can limit devices is by using an enforcement that only allow certain amount of devices per user using the Unique-Device-Count attribute from the Endpoint DB

Sent from Mail for Windows 10

If the question is only, that you are uncertain how many will use the guest wifi and that you are uncertain that the 100k will be enough. ClearPass will still authenticate users even if all licenses are already consumed. BUT then you have to order additional licenses because over time your access to the management GUI of ClearPass will be closed and you can only regain access via adding licenses. 

Thank you both - very useful. 

 

We're also planning on putting a restriction on the speed of the clients connection. Is the best way of applying this through an enforcement profile on ClearPass?