Security

last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

I want to set-up clearpass onboard without an AD and use the local user database.

This thread has been viewed 7 times

  • 1.  I want to set-up clearpass onboard without an AD and use the local user database.

    Posted Oct 15, 2013 01:35 PM

    Access tracker says that my quickconnect user is not allowed to use the service, but I do not understand what I have to set-up in order to get the rest working. I wish there were flow charts in order to show how things are connected :-). I suppose I need a user, maybe a certifcate and activatte a service.



  • 2.  RE: I want to set-up clearpass onboard without an AD and use the local user database.

    EMPLOYEE
    Posted Oct 16, 2013 12:44 AM

    There are quite a few things that you will need to do to setup an onboarding setup.

     

    First thing you need to do is setup a standard 802.1x service. Here is a tech note to get you started.

     

    http://support.arubanetworks.com/DOCUMENTATION/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=10345

     

    After that I would recommend working with your local partner. 

     

    You are going to need to setup

     

    1. Controller (with multiple Roles)

    2. Onboarding SSID

    3. Secure SSID

    4. Certificate (must have a public signed cert to onboard IOS)

    5. Onboarding Pre auth service

    6. Root CA

    7. Onboard Networks Settings

    8. Onboard provisioning profile

    9. Im sure I missed a couple off the top of my head :)

     

    Here are a couple work flows

     

    screenshot_03 Oct. 15 23.22.gif

     

    screenshot_04 Oct. 15 23.23.gif

     

     

     

     

    screenshot_01 Oct. 15 23.22.gif

    screenshot_02 Oct. 15 23.22.gif