Occasional Contributor I

Clearpass - Onguard - setup

Hello ,

I am new to Aruba. I was trying to set up ClearPass for posture assessment of wired dot1x network connections. We use Cisco 3750 switches and authentication is against AD servers.


Is there a setup guide available I can find?

I'm trying to accomplish the following:

1. User connects the computer 

2. OnGuard does the posture assessment; if it passes

3. ClearPass looks for his/her department and assigns the VLAN

4. If it fails, shows the remediation or does auto-remediation.


I got the VLAN assignment part working as that seems self-explanatory.


I understand that we have multiple options for doing the posture assessment 

1. webpage

2. install application 

We would like to look at both 


If someone can point me to a configuration guide or suggest ideas, I will be grateful.





Guru Elite

Re: Clearpass - Onguard - setup

Are you working with an Aruba partner? It can be a bit complex to explain on here. 


Tim Cappalli | Aruba Security
@timcappalli | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Clearpass - Onguard - setup

This is what I have done so far.


We are using 802.1x to AD authentication on Cisco 3750 switches.


On ClearPass:

Configuration -> service (new service) - 802.1x wired

defaults in the service

authentication to AD server

we are not doing any roles


Enforcement - new policy - I have created 2 conditions.

1. tips:role equals {user authentication} and tips:posture equals healthy(0)

Then assign employee vlan

2. Tips:role Equals {user authentication} and tips:posture NOT_Equals healthy(0)

Then cisco-wired onguard redirect and temporary vlan


For the cisco-wired onguard redirect profile I have set a URL redirect to ClearPass OnGuard.



Connected a Windows 7 machine to the port - it does the authentication and fails right away.

However, on the ClearPass Access Tracker, I can see that login-status is ACCEPT

and the summary says it's using the right service that I have created and it falls under condition 2.

On the output it's sending the VLAN attributes for the temporary VLAN and the cisco-avpair URL redirect.


As it's not authenticating I can't get to the URL. However, in the profiles, when I remove the RADIUS attribute for URL redirect and keep just the VLAN, the machine authenticates with my credentials and gives me the VLAN I need but without posture assessment.


One thing I have noticed is in Access Tracker - Summary - I see below:


System Posture Status:


I must be missing something. Any help will be much appreciated.

Guru Elite

Re: Clearpass - Onguard - setup

Is it machine authenticating or user?

What does the alerts tab say?

Tim Cappalli | Aruba Security
@timcappalli | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Clearpass - Onguard - setup

Yes, authentication using user credentials.


In the Access Tracker I only see Summary, Input and Output. I don't see an Alerts tab.
