Clearpass recommendations for coworking space (unmanaged devices)

  • 1.  Clearpass recommendations for coworking space (unmanaged devices)

    Posted Nov 23, 2019 02:42 PM

    Hi,

     

    We're planning a Clearpass cluster deployment for a coworking business. They own multiple estates and sell office space for businesses of various sizes and needs, which we will provide network services for.

     

    The biggest question I have is which authentication method we should go with. We've been testing self-signed RADIUS certificates for a while, which seems to work fine; however, I don't like the security warning most clients give using this method. Clients are given a resource network for printers, servers etc. if needed, and access is provided using ACLs. Therefore I don't want to go with a simple MAC authentication based solution.

     

    Guests are handled using a self-reg portal with a publicly signed SSL cert with all servers in the SAN field.

     

    Has anyone configured similar environments or have any recommendations or best practices?

     

    Thanks,

    Chris



  • 2.  RE: Clearpass recommendations for coworking space (unmanaged devices)

    EMPLOYEE
    Posted Nov 23, 2019 03:45 PM

    PSK + Captive Portal or PEAP-Public + Captive Portal are your best options for that type of environment.



  • 3.  RE: Clearpass recommendations for coworking space (unmanaged devices)

    Posted Nov 23, 2019 05:41 PM

    Thanks for the quick response, Tim!

     

    During our testing so far we've been generating local Clearpass user accounts which are assigned to a company-specific role, which again is used to push corresponding ACLs. If I understand the combination of PSK + Captive portal correctly, the individual users would be granted access rules based on their captive login.

    How would we then go about keeping their sessions active and preventing them from logging in through the captive portal every day?

     

    Chris