Contributor I

Opinions on network device authentication



We currently have a ClearPass cluster that is mainly used for wireless authentication (EAP-MSCHAPv2) and guest wireless. We are using ClearPass for TACACS/PAP authentication for some routers and other network devices that were recently moved from our legacy TACACS server. Currently we are doing a little under 3 million auths/day.


The legacy TACACS server is still being used for our edge switch AAA, and this is about 250K auths/day. Most of this is due to our NAC, and it is using a local account for login, so no LDAP/AD is being utilized for these auths (i.e., low resources). I'd like to move all auths off this server to either the existing ClearPass cluster or a separate new TACACS/RADIUS environment.


I've been reading that some folks like to have a separate environment for their network device auths and others don't have a problem in combining them. I'd like to get opinions on what you are doing and why you think it is a good solution. Personally, at this time I'm leaning towards having a single environment for the auths.



Regular Contributor II

Re: Opinions on network device authentication

A single environment makes it easier to use features available through ClearPass Exchange such as updating your firewall solution with user information.
