I'm working on getting myself up to speed on ClearPass after our previous in-house resource for it moved on and I inherited a deployment project for one of our customers. We're going to be authenticating everything, using it for wireless 802.1x, wired 802.1x and MAC auth (for headless devices), OnGuard for posture enforcement, and TACACS for network devices. Most of the technical stuff is straightforward enough to slog through labbing out with the videos / documentation, but the one thing that bothers me is the lack of 'here's the best way to do things' resources on ClearPass....either straight from HPE/Aruba or otherwise. Like, I can look at ClearPass and say "Yep, I can make it do XYZ, technically, no problem" but as far as actually making the decisions as to how we're going to make it behave, I'm struggling with.
Some of it is easy enough to think through in terms of device fingerprinting and returning roles / VLAN assignments, but are there any good resources either ClearPass specific or general NAC guides about the best way to approach enforcement anybody can share? I know there are some real slick ClearPass implementations out there but no VRDs I've seen, good "Here's what our policies look like" resources, etc.
No comments:
Post a Comment