Security

Hi, 

Is it best practice to have a separate service to handle mac caching within ClearPass or to include it within the same service? I have the following condition within a role mapping policy, all within one service. 

Please advise.  

Adam

MAC Caching consists of two parts:

- A WEBAUTH that handles the captive portal authentication and injects timestamps into the endpoint database.

- A MAC Authentication service and leverages the timestamps injected during captive portal authentication.

Best-practice is to have two separate services for these as MAC Auth in general is done in a separate service from user authentication services.

Does this answer the question, or did I miss the point?

Thanks for this reply. 

We actually have an interface where users can register their device mac address and receive an MPSK. 

Does the the two service model still apply to this scenario?

Thanks  

This is IoT/headless registration? You should use the MPSK service template.

Yes - that's right IoT registration. 

Good - that's what we're currently using. It was to double check we were going about it the correct way. 

Thanks