Security

Hello i was wondering what are the features that you can configure in clearpass but with non aruba swtiches neither aruba WLAN controller.

 

For example as far i know i can identify what devices is it, but on the controller and with taht information the clearpass can then put a rule with that.

But now how does this work with an cisco wireless controller? can they give the info to the clearpass? or how does this work?

 

What i want to know what can i do with a clearpass with ARuba and what i can do with clearpass but with NON aruba equipments

 

Is there a table taht can tell me this??

 

Cheers

Carlos

You won't get the Aruba-Device-Type classification but ClearPass has its own Device Fingerprints that are derived from HTTP headers, MAC OUIs and DHCP options.

 

The first step would be to add the ClearPass servers as DHCP relay addresses to the layer 3 interfaces of the clients and enable Endpoint Classification for each server under Server Configuration.

Are there things you cannot do on the 3rd party switches that you can do only with aruba with clearpass?

 

Cheers

Carlos

You can do full device classification without Aruba switches or controllers. ClearPass handles the profiling based on OUI and DHCP fingerprints.

 

Mr. Cappalli!

Which collectors do you use on your super brandeis university deployment?

Which one were recommended by your aruba partner?

 

Cheers

Carlos

We use everything except OnBoard, ActiveSync, and OnGuard.

Thank you!

Carlos,

We use clearpass with aruba and non-aruba wireless. We have the same exact set-up on set-up on both. What wireless do you run? We don't do any air-group and we don't do any certificate based authentication.

The only thing that is nice about using aruba products is that aruba passes the ap-name in the radius request giving you more information to make decisions on. You could do this on another system using roles based on calling station ID.

Cheers.. Hope you select clearpass. :-). I think you get a lot of features for the price. I will say that TAC is not the best for the complex stuff but they try to help you. (I can't say another vendor is better).

Needless to say clearpass is a radius server because aruba is a standards based company you'll have to look at what your devices support.

The answer is yes but it's not because Clearpass gives you extra features it's because aruba devices support it. For instance aruba has roles on WLAN controllers. And Clearpass can change the role of a device from one to another.

Another feature we use in our aruba environment is the return username function. This allows us to see the username of the device in airwave instead of the mac-address for our mac-auth clients. This is a feature of the aruba controller not clearpass. This could be done with another radius server.


Carlos, are you running a cisco wlan? Or another vendor?

Hello!

 

To asnwer your questions well i work in a arubanetworks partner.  It just that im starting to study, practice  Clearpass.

Clearpass is just another world that it doesnt matter if you know a lot of configuring mobility controllers or aruba deivces.

 

I hope this client picks clearpass.  They are using Cisco Infraestructure

 

Hopefully ill know a lot of clearpass with the Clearpass essentials we just bough and also in the Airheads summit i already register on the clearpass course that prepares you for the ACCA

 

But for now i need your help guys and thanks! for asnwering my questions!!

 

Cheers

Carlos

 

Nice info and answers in this thread.

 

That said - it's quite a big question you give us Carlos :)

"What i want to know what can i do with a clearpass with ARuba and what i can do with clearpass but with NON aruba equipments"

 

Perhaps the first question you want to ask and answer yourself is:

* What do we want to use ClearPass for?

* How granulated authentication/authorization do we want?

* Which modules do we want to use?

 

I've had several customers that have no problem seeing the Guest part, and then a little more convincing needed for the next step which is BYOD. Here they usually don't want to go further than "if company owned PC then assign allowall roles/business vlan, non-company owned = byod-role/guest vlan".

 

This you can accomplish with anything that supports Radius.