Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Wired 802.1X with CPPM & Google Apps

  • 1.  Wired 802.1X with CPPM & Google Apps

    Posted May 31, 2017 08:54 AM

    Hi All,

     

    I've got an opportunity where a customer uses Google Apps exclusively. They have no local user repository.

     

    They are looking to implement wired 802.1X with MAC fallback for devices which do not support wired 802.1X. Their switches support this.


    They have a mixture of client device types: Windows, Linux, Macs.

     

    Here's what I've read and been told:

     

    1. ClearPass OnBoard can probably work in this scenario if it were Wi-Fi. This isn't really workable anyway on Linux machines.
    2. ClearPass & Cloudessa together would support this. Or rather, Cloudessa supports it and CPPM could be used as a RADIUS proxy. There are limitations to this though, one of which is that devices will need to support EAP-TTLS.

    Am I missing something? Is there another way to make this work?

     

    Could we just present a captive portal to all clients then authenticate using CPPM Guest with Google Apps and MAC caching?

     

    Keen to hear your thoughts.

  • 2.  RE: Wired 802.1X with CPPM & Google Apps

    EMPLOYEE
    Posted May 31, 2017 09:20 AM
    We generally recommend using G Suite pre-authentication with ClearPass Onboard for the most secure solution.

    MAC caching could be used but generally isn't recommended for a primary authentication method.


  • 3.  RE: Wired 802.1X with CPPM & Google Apps

    Posted May 31, 2017 10:02 AM

    @cappalli wrote:
    We generally recommend using G Suite pre-authentication with ClearPass Onboard for the most secure solution.

    MAC caching could be used but generally isn't recommended for a primary authentication method.

    Hi Tim,

     

    OnBoard isn't really a viable option due to the cumbersome Linux onboarding procedure. Also, as this is wired, would it work anyway?

     

    I agree with the MAC caching comment. 

     

    This doesn't leave many options.

  • 4.  RE: Wired 802.1X with CPPM & Google Apps

    EMPLOYEE
    Posted May 31, 2017 10:05 AM

    Yes, Onboard is supported for both wired and wireless.

     

    Which Linux distros are in use? What percentage of the user population?