This document describes resolved issues, new and changed features, and known issues in AirWave 220.127.116.11 and previous releases
The ClearPass 6.5 Cumulative Patch 5 is now available.
In addition to several bug fixes, this release also includes several new enhancements:
* Updates to the HP RADIUS dictionary to support new features in upcoming ArubaOS-Switch (formerly ProVision) 16.01 release.
* New entries in the Guest "Vendor Settings" drop-down lists to simplify captive-portal configurations for ArubaOS-Switch, MSM and UWW platforms.
* Adds detection support for several new and updated products to OnGuard (see release notes for more details).
The patch file is available for download in the ClearPass Software Update Portal and also from the support.arubanetworks.com at the following location.
Download Software > ClearPass > Policy Manager > Current Release > 6.5.0 > Patches
Thank you for choosing AirWave 8.0. AirWave makes it easy and efficient to manage your wireless network by combining industry-leading functionality with an intuitive user interface, enabling network administrators and helpdesk staff to support and control even the largest wireless networks in the world.
When Mobility Access Switch (MAS) devices are added to AirWave, AirWave supports group-level of those devices, the operating system, software suite, and application engine that operates mobility and centralizes control over the entire network environment.
For a complete description of ArubaOS, refer to the ArubaOS User Guide for your specific Aruba Mobility Access Switch version.
This document provides general guidelines to follow when selecting and configuring hardware.The first part of this chapter describes two AirWave appliances, and the networking environment in which those appliances were tested and validated.
This document provides best practices for leveraging the Rogue Access Point Detection (RAPIDS) module of the AirWave Wireless Management Suite (AWMS) to secure your network. RAPIDS is designed to identify and locate wireless threats by leveraging all of the information available from the infrastructure (see Figure 1). RAPIDS takes the information it collects and feeds it through a customizable set of classification rules, isolating the threat devices based on your security concerns. RAPIDS can be configured to alert administrators via email, SNMP traps, or syslog messages after a threat is identified.
This document describes the AMP alert/trap workflow when integrating with a centralized NMS Event Correlation System. This document includes the following topics:
l "Adding NMS Event Correlation Servers to AMP" on page 1
l "Configuring Alerts/Traps in AMP" on page 2
l "Viewing Alerts in Various Destinations" on page 3
l "Acknowledging Alerts" on page 5
l "Compiling the AMP MIB on NMS" on page 5
l "Matching Severity in the NMS Event Correlation Servers" on page 5
l "Enhanced Integration" on page 5
l "MIB for SNMPv2c" on page 6
This document is designed as a reference for installing AirWave 8.0 using the CentOS software bundled with the .iso disc image.
In a typical IT organization, it is the Help Desk’s job to take incoming user support calls and determine whether the problem is an individual client/device issue or a broader network issue that might affect multiple users. The Help Desk itself is usually responsible for handling the individual user problems, while escalating broader network issues to the Network Engineering or Network Operations team. With wireless networks, most user complaints boil down to one of two observable problems:
l The wireless network is slow.
l I cannot connect to the wireless network.
Of course, there are literally hundreds of different potential root causes for either of these two symptoms. Many, if not most, of these problems are related to the client device settings or authentication issues, which should be handled by the Help Desk. Yet, when the Help Desk does not have the tools and diagnostic capabilities to perform this ‘triage,’ most issues are instead escalated directly to Network Engineering. The result is not pretty: users are unhappy because their problems are not resolved quickly; the Help Desk staff becomes frustrated because they cannot do their jobs; and Network Engineers suffer because they are swamped with wireless related calls.
Congratulations on successfully installing AirWave 8.0! So where do you go from here? This document is designed to help you with your initial setup. It also provides information on common configuration options and daily monitoring practices. Refer to the following sections:
l "Initial Setup" on page 5
"Common Configuration Options" on page 17
l "Monitoring Practices" on page 25
Initial Setup AirWave 8.0 initial setup consists of creating folders and groups, discovering and adding devices, and defining credentials for devices that communicate with AMP. Refer to the following sections for additional information.
l "How Do I Add Devices?" on page 5
l "Discovering New Devices" on page 7
l "How are Folders and Groups Organized?" on page 12
l "How Do I Define New Users and Roles?" on page 13
l "How Do I Define Credentials for Devices that Communicate with AMP?" on page 14
l "I Have a Mismatch. What Do I Do?" on page 15
This document describes the Aruba Instant access point and Virtual Controller system as well as the procedure to integrate this system with AirWave. This section contains the following points:
l "Overview of Aruba Instant" on page 5
l "Instant Management with AirWave" on page 5
l "Using Aruba Instant with AirWave" on page 6
l "AMP Pages with Instant-Specific Features" on page 7
l "Supported Firmware" on page 8
Overview of Aruba Instant Aruba Instant:
(Instant) is a system of access points per Layer 2 subnet. Aruba Instant IAPs are controlled by a single IAP that serves a dual role as a primary Virtual Controller, eliminating the need for dedicated controller hardware. This system can be deployed through a simplified setup process appropriate for smaller organizations, or for multiple geographically dispersed locations without an on-site administrator. Only the first IAP/Virtual Controller you add to the network must be configured; the subsequent IAPs will all inherit the necessary configuration information from the Virtual Controller. Aruba Instant continually monitors the network to determine the IAP that should function as the Virtual Controller at any time, and the Virtual Controller will move from IAP to IAP as necessary without impacting network performance. The Virtual Controller technology in Aruba Instant is capable of IAP auto discovery, 802.1X authentication, role-based and device-based policy enforcement, rogue detection, and Adaptive Radio Management (ARM).
ArubaOS is the operating system, software suite, and application engine that operates Aruba mobility controllers and centralizes control over the entire mobile environment. The ArubaOS wizards, command-line interface (CLI), and the ArubaOS Web UI are the primary means used to configure and deploy ArubaOS. For a complete description of ArubaOS, refer to the ArubaOS User Guide for your release.
The AirWave Management Client™ (AMC) is a Windows software utility that enables a client device, like a laptop, to act as a passive RF sensor and augment the AirWave Wireless Management Suite’s (AWMS) Rogue Access Point Intrusion Detection System (RAPIDS) module. The AirWave Management Client can improve both wireless network security and performance.
This document provides best practices for leveraging AirWave to monitor and manage your Aruba infrastructure. Aruba wireless infrastructure provides a wealth of functionality such as firewall, VPN, remote AP, IDS, IPS, and ARM, as well as an abundance of statistical information.
Welcome to the ClearPass Policy Manager User Guide.
The ClearPass Policy Manager User Guide provides a general overview of ClearPass Policy Manager features, as well as detailed descriptions of the configuration settings used to manage and monitor your Policy Manager deployment.
The intended audience for the ClearPass Policy Manager User Guideincludes customers, partners, and Aruba
Please note that this document is not a training guide, and it is assumed that the reader has at minimum
foundational training in ClearPass Essentials and, if possible, Aruba Certified Professional (ACCP) certification.
The user of this guide should have a working knowledge of the following:
- AAA technologies (Radius, TACACS, 802.1X, MAC authentication, and Web authentication)
- Layer-2 and Layer-3 networking
- User Identity stores, such as Active Directory
- Providing information about network device configurations and capabilities is outside the scope of this guide. For information on these topics, refer to the documentation provided by the vendor of your network equipment.
- Getting Started
- If you are new to ClearPass Policy Manager, refer to the following sections:
- For a general description of ClearPass Policy Manager features, refer to the following topics in this section,
- ClearPass Access Management System Overview and Key Features.
- For a description of how to use the Dashboard, see Using the Policy Manager Dashboard on page 21.
- About ClearPass Policy Manager ClearPass Policy Manager 6.5 | User Guide
- For a list of common configuration tasks and pointers to information about how to perform each task, refer
- to Accessing Configuration Information on page 1.
- If you are planning a new ClearPass Policy Manager deployment, refer to the ClearPass Deployment Guide.
- The ClearPass Deployment Guide is organized in a way that presents the recommended sequence in which
- ClearPass deployment should take place, and makes the major deployment tasks easy to understand and implement.
The ClearPass Deployment Guide is intended to assist Aruba SEs and network administrators, as well as
customers and partners, in deploying ClearPass Policy Manager.
This guide is organized in a way that presents the recommended sequence in which ClearPass deployment
should take place, and makes the major deployment tasks easy to understand and implement.
The ClearPass Deployment Guide includes the following information:
l Chapter 1: Install and configure ClearPass hardware and virtual appliances.
l Chapter 2: Prepare the Aruba Mobility Controller for integration with ClearPass Policy Manager.
l Chapter 3: Integrate ClearPass Policy Manager with Microsoft Active Directory.
l Chapter 4: Set up 802.1X wireless authentication with Active Directory.
l Chapter 5: Design and deploy ClearPass clusters.
l Chapter 6: Configure the Aruba Mobility Access Switch for 802.1X wired authentication.
l Chapter 7: Prepare ClearPass for LDAP and SQL authentication.
l Appendix A: Describes how a typical 802.1X authentication session flows when using ClearPass as the
authentication server with Microsoft Active Directory as the back-end user identity repository.
l Appendix B: Use the ClearPass Configuration API to configure or modify the entities in ClearPass without
logging into the Admin user interface. Information about how to access the entire set of APIs available
through ClearPass is also provided.
EAP-TLS and EAP-PEAP are two of the most highly used authentication mechanisms on enterprise WLAN.
This presentation gives a detailed step by step procedure for setting up a Controller and CPPM for EAP-TLS & EAP-PEAP – with and without EAP termination on controller.
Importantly, it covers setting up the PKI infrastructure required for these authentication mechanisms. It also looks in to detail troubleshooting tools and commands available in both AOS & CPPM.
This User Guide describes the features supported by ArubaOS 6.4.x and provides instructions and examples for configuring mobility controllers and access points (APs). This guide is intended for system administrators responsible for configuring and maintaining wireless networks and assumes administrator knowledge in Layer 2 and Layer 3 networking technologies.