Security

Hi,

 

We have a CP-500 with  policmanager license-500 and onboard license-500.planning to procure license CPguest-500

 

our requirement is we have 100 laptop users(user auth and machine auth) and we have requirement of onboarding 300 byod devices.In this scenario, policy manager license will go upto 400 when byods and laptops are trying authenticate or else

with the license we have, we can have 500 laptop users and 500 onboard devices?????

 

So CP500 with licenses policymanager-500,onboard-500,guest-500 will support 500 laptops,500onboard devices and 500 guest users? im confused

 

Thanks and Regards

Srikanth Soogoor

Let see if I can try to help make some sense here. :)



Policy manager has a built in auth lic for the appliance size.

500
5k
25k


You can have up to for example on the 500 appliance or VM

600 onboard
200 Guest
etc

But you can only have 500 unique MAC address active

400 active onboarded devices
100 active guests

(any combination you want)

You may have 500 devices onboarded (which use active certs in our repository) and your lic is used up, but for the appliance we look at the daily unique MAC address.

So you mean to say,

 

If we have 500 onboard, 500 guest 

 

it supports only  500 onboard devices with onboard license-500

and 500 guest users with cpguest-500

 

However, concurrently unique onboarded authenticated devices and guest authenticated devices will support only 500????

An example for the 500 appliance/VM

You can have

1000 on board lic
1000 guest lic

On the single box but you are limited on a daily unique MAC addresses that Auth to that appliance

So you mean to say , appliance will authenticate  daily 500 unique mac address instead of having 1000 onboard licenses and 1000 guest licenses??

I know this is a little confusing. I will see if I can get an updated lic guide posted. :)

 

Im sure I will really confuse you here.

 

Yes the appliance/VM are sized by daily MAC address. You can burst over the daily limit because we use a 7 day rolling average.

 

You can put as many lic you want on the appliance but it still has an active daily limit.

 

See here for a guide from July 2013

 

https://afp.arubanetworks.com/afp/images/f/ff/ClearPass-6-0-Licensing-Tech-Note-72413.pdf

 

 

hi,

 

The link you have provided for me is  asking for login and i dont have credentials as of now...can you please attach this pdf .so that i can download. And i can go through it.

 

Thanks

srikanth soogoor

Hi

 

If we have support 1000 guest users ,1000byods and 1000 domain laptops daily. 

 

Do we have to go for hardware CP HW-5000 with licenses???????

 

Policy manager-5000

Onboard           -1000

CPGuest         -1000

Correct, you only need the onboard if you are issuing the BYOD device certs from policy manger.

Im bit confused

 

We have CP HW 500

 

Right now we are supporting 150 laptops which does dot1x, 100 Byod's.

We are planning to support 500 daily guest users and planning to procure CPGuest 500 license to achieve it.

 

Now In a day , only 500 devices will authenticated with ths appliance we have ri8. 

i.e 150 laptops,100 byods,250 guests is dat ri8??

 

or else it will support 500 guests,500 laptops and 500 byods if we have following

policy manager -500

onboard-500

cpguest-500

We have CP HW 500



Right now we are supporting 150 laptops which does dot1x, 100 Byod's.

We are planning to support 500 daily guest users and planning to procure CPGuest 500 license to achieve it.



Now In a day , only 500 devices will authenticated with ths appliance we have ri8.

i.e 150 laptops,100 byods,250 guests is dat ri8??

----------------

Correct

The thing to remember is that onboard lic is held onto until the cert is revoked or expired. Unlike the others that reset daily


The appliance will have a daily capacity of 500 unique MAC address.

Any combination you want just like you example.