Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Dynamic VLAN assignment in business center

  • 1.  Dynamic VLAN assignment in business center

    Posted Mar 19, 2020 11:01 AM

    Hello, I am the owner of a business center. I have provided the property with network switches. It is the intention that several companies can settle in this building. Now my question is: is it possible that ClearPass can detect when company A plugs in a computer and when company B plugs in a computer. In this way, the correct VLANs can be assigned per company.

     

    It is possible that ClearPass is in the domain of the business center. This is independent of the other companies. 

     

    So ClearPass should be able to differentiate between a number of different domains.

     

    Thanks!



  • 2.  RE: Dynamic VLAN assignment in business center

    MVP GURU
    Posted Mar 19, 2020 11:55 AM

    If you need to perform lookups against each business's domain to see if a machine is owned/managed by their domain, ClearPass will need to be joined to each of these domains. You will also need some sort of service account for ClearPass to be able to log in to the domain controllers for user/device lookups.



  • 3.  RE: Dynamic VLAN assignment in business center

    Posted Mar 20, 2020 12:49 AM

    Yes, ClearPass can do this.



  • 4.  RE: Dynamic VLAN assignment in business center

    Posted Mar 23, 2020 05:27 AM

    Hi, 

     

    Do you also know how to do this?



  • 5.  RE: Dynamic VLAN assignment in business center

    Posted Mar 23, 2020 06:15 AM

    Hi, 

     

    You mentioned that CPPM is in the domain of the business center. How about the different companies? Will they be taking service from your DC? Will you be running their domain services? If the customer is running their own domain services, where will their servers be?

     

    To be clear, if you want to check and differentiate company A from company B, the switches need to be configured and integrated with ClearPass, and ClearPass needs to be integrated with all these domains. You need to add your ClearPass to all these domains individually.



  • 6.  RE: Dynamic VLAN assignment in business center

    Posted Mar 23, 2020 06:39 AM

    Hello

     

    I created a diagram for clarity:

    Thebiestone_0-1584959537500.png

     

    Each company has its own servers connected to the switches from the business center. So they run their own services.

     

    So for example: a laptop from company A connects to a switch port anywhere in the center, and CPPM should place this device automatically in VLAN 10.

    Same for a laptop from company B: if this device connects to a switch, it should be placed in VLAN 20 by CPPM.

     

    So all switches are integrated as network devices in ClearPass. But how can ClearPass join every domain? In the ClearPass server administration you can only join 1 AD domain...

     

    I hope it's clear.

     



  • 7.  RE: Dynamic VLAN assignment in business center

    Posted Mar 23, 2020 07:12 AM
    Hi,

    ClearPass can join multiple domains simultaneously without any issues. Also, I am not sure if there is any limitation on the number of ADs you can join.

    This is probably due to the fact that CPPM is basically joined as a computer in each of these domains and CPPM doesn't fetch and retain data from each of these domains. (Yes, there is a cache which you can adjust accordingly.)


  • 8.  RE: Dynamic VLAN assignment in business center

    Posted Mar 23, 2020 09:50 AM

    Hi

     

    Thanks, I am going to try to add a second domain to it. Just then I need a central DNS server that knows all the domains? Otherwise ClearPass cannot resolve the domains. I think?



  • 9.  RE: Dynamic VLAN assignment in business center

    Posted Mar 23, 2020 10:56 AM

    Hi, 

     

    Yes, you have to specify FQDN when adding the domain controller. IP is not accepted. Which implies you need to have a working DNS that is able to resolve all the domain controllers.
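
The per-company VLAN decision discussed in this thread, sketched as an added example that is not part of any post and is not ClearPass configuration. VLAN 10 and 20 come from the thread; the domain names, NetBIOS names and function names are placeholders, and `authenticated_domain` is assumed to be supplied by whichever AD actually validated the credential.

```python
# Constructed tenant table: VLAN IDs are from the thread, domain names are placeholders.
TENANTS = {
    "companya.example": {"netbios": "COMPANYA", "vlan": 10},
    "companyb.example": {"netbios": "COMPANYB", "vlan": 20},
}
NETBIOS_TO_DOMAIN = {t["netbios"]: d for d, t in TENANTS.items()}


def realm_of(identity):
    """Return the tenant DNS domain claimed by a RADIUS User-Name, or None."""
    ident = identity.strip().lower()
    if ident.startswith("host/"):            # machine auth: host/pc1.companya.example
        host = ident[len("host/"):]
        # Require a full label boundary so "evilcompanya.example" does not match.
        return next((d for d in TENANTS if host.endswith("." + d)), None)
    if "\\" in ident:                        # down-level name: COMPANYA\alice
        return NETBIOS_TO_DOMAIN.get(ident.split("\\", 1)[0].upper())
    if "@" in ident:                         # UPN: alice@companya.example
        realm = ident.rsplit("@", 1)[1]
        return realm if realm in TENANTS else None
    return None                              # no realm: cannot pick a tenant


def vlan_attributes(identity, authenticated_domain):
    """RFC 3580 VLAN attributes for an Access-Accept, or None to reject.

    The realm in the identity is only a claim made by the client, so a VLAN
    is returned only when the domain that validated the credential
    (authenticated_domain, an assumed input) is the same tenant.
    """
    realm = realm_of(identity)
    if realm is None or not authenticated_domain:
        return None                          # fail closed on unknown tenants
    if realm != authenticated_domain.lower():
        return None                          # claimed tenant != verifying AD
    return {
        "Tunnel-Type": 13,                   # VLAN
        "Tunnel-Medium-Type": 6,             # IEEE-802
        "Tunnel-Private-Group-Id": str(TENANTS[realm]["vlan"]),
    }


if __name__ == "__main__":
    print(vlan_attributes("alice@companya.example", "companya.example"))
    print(vlan_attributes("host/pc7.companyb.example", "companyb.example"))
    print(vlan_attributes("COMPANYA\\alice", "companyb.example"))
```
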