Contributor I

ClearPass rules combined or split?

I was at recent event and a discussion came up about clearpass deployments.


Some say for better proformance you should combine your clearpass service rules e.g. mac auth/social into one rule, others say you should split them out as it makes it easier to troubleshoot.


What is the community view?


Guest Blogger

Re: ClearPass rules combined or split?

My personal preference is to combine as much as possible in one service. But I make a distinction between wired, wireless and management services. 


And I use "dividers" to order the services in a more readable way.


@rene_booches | AMFX #26, ACMX #438, ACCX #725, ACDX #760, CCNP R&S, CEH | Co-owner/Solution Specialist@4IP / blog
Guru Elite

Re: ClearPass rules combined or split?

There's not a one size fits all answer. Literally every ClearPass deployment is different in some way.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: ClearPass rules combined or split?

Tim, this is true no clearpass is same, i have deployed multiple CPPMs of varing sizes and none are them same.


It does bring up the point, however there is no clear, best practice guide on deployments.

Search Airheads
Showing results for 
Search instead for 
Did you mean: