Occasional Contributor I

Similar Aruba product as Cisco AnyConnect agent ?

Hi everyone,


Quick question : Does someone know if Aruba has a similar solution as the Cisco agent called AnyConnect ? My customer would like to know if it's possible to replace 802.1x Windows supplicant by an Aruba agent (similar to Cisco AnyConnect) ?

Initial purpose of this agent was to shorten client assessment and compliance check process. But primary goal for customer is to overcome 802.1x Windows supplicant limitation.


If such an agent exist, can it also replace the Machine Authentication feature provided by Windows ?


Thank you for your consideration.


Best regards,




Guru Elite

Re: Similar Aruba product as Cisco AnyConnect agent ?

The equivalent would be ClearPass Onguard:

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Guru Elite

Re: Similar Aruba product as Cisco AnyConnect agent ?

What limitations of the Windows supplicant are you trying to overcome?

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Similar Aruba product as Cisco AnyConnect agent ?

Hi all,


Thank you for your reply.


@CJoseph : That's right that OnGuard is a similar agent, but from my understanding (not much experience with it) it is only for compliance/health check. Customer is not looking just for compliance check but also for replacing the Windows embedded 802.1x feature by an agent. They have both Clearpass and Cisco ISE implemented in their network, apparently Cisco is providing this agent called AnyConnect to replace Windows 802.1x supplicant (first time I hear about it) in order to improve authentication process.


@Cappalli : Basically customer wish to have more flexibility, simplicity and client control.

For instance being able to check authentication logs from the agent (without using the switch debug tool), being able to manually send reauthentication request directly to 802.1x supplicant from Clearpass and not from switch (we are in a wired environment). Aslo being able to send information messages to clients (possible with OnGuard if I remember well).

Lastly add more flexibility on start/logon process sequence, they meet security issues with processing GPOs along with Machine and User authentication. The 802.1x SSO feature isn't enough and revealed itself not working properly on laptop with an endpoint encryption agent.


Note that there is no good or bad answer, Clearpass implementation is successful. Onguard implementation is planned in near future. It is only for curiosity and maybe mid term improvement of the current Clearpass implementation. 


Thank you very much.







Search Airheads
Showing results for 
Search instead for 
Did you mean: