10-24-2016 11:12 PM
Quick question : Does someone know if Aruba has a similar solution as the Cisco agent called AnyConnect ? My customer would like to know if it's possible to replace 802.1x Windows supplicant by an Aruba agent (similar to Cisco AnyConnect) ?
Initial purpose of this agent was to shorten client assessment and compliance check process. But primary goal for customer is to overcome 802.1x Windows supplicant limitation.
If such an agent exist, can it also replace the Machine Authentication feature provided by Windows ?
Thank you for your consideration.
Solved! Go to Solution.
10-25-2016 01:27 AM
The equivalent would be ClearPass Onguard: http://www.arubanetworks.com/products/security/network-access-control/clearpass-onguard/
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
10-25-2016 11:47 PM
Thank you for your reply.
@CJoseph : That's right that OnGuard is a similar agent, but from my understanding (not much experience with it) it is only for compliance/health check. Customer is not looking just for compliance check but also for replacing the Windows embedded 802.1x feature by an agent. They have both Clearpass and Cisco ISE implemented in their network, apparently Cisco is providing this agent called AnyConnect to replace Windows 802.1x supplicant (first time I hear about it) in order to improve authentication process.
@Cappalli : Basically customer wish to have more flexibility, simplicity and client control.
For instance being able to check authentication logs from the agent (without using the switch debug tool), being able to manually send reauthentication request directly to 802.1x supplicant from Clearpass and not from switch (we are in a wired environment). Aslo being able to send information messages to clients (possible with OnGuard if I remember well).
Lastly add more flexibility on start/logon process sequence, they meet security issues with processing GPOs along with Machine and User authentication. The 802.1x SSO feature isn't enough and revealed itself not working properly on laptop with an endpoint encryption agent.
Note that there is no good or bad answer, Clearpass implementation is successful. Onguard implementation is planned in near future. It is only for curiosity and maybe mid term improvement of the current Clearpass implementation.
Thank you very much.