06-27-2017 09:36 AM
This may be a very straightforward question, but I am trying to watch out for any unseen "gotchas" before recommending this architecture.
Are there any known issues with managing an IAP cluster via Central but handling the authentication through ClearPass? My understanding is that the external authentication server on the Central group just needs to be pointed at the ClearPass server, at which point this becomes more or less an Instant and ClearPass config and Central is no longer involved. Is that correct, or am I missing something?
Any kind of VRD or recipe would be greatly appreciated.
Solved! Go to Solution.
06-28-2017 07:23 AM
If you consider Central as a centralized replacement for the Instant local config, you are fully correct. Put the same configuration in Central as you would put in the Instant itself.
To get ClearPass and Instant setup, you may check out the Guest parts of this video series: https://community.arubanetworks.com/t5/Security/Aruba-ClearPass-Workshop-Video-series/td-p/291597
The videos show how to do it directly on Instant, the terminology and options are similar to Central (just looks different).
One change is that with Aruba Central, there will be a certificate pushed to the IAP with the name securelogin.hpe.com, so where the video uses captiveportal-login.arubalab.com (or something similar), put the securelogin.hpe,com there.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).