View Only
last person joined: 17 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass Policy Manager

Jump to Best Answer
This thread has been viewed 1 times
  • 1.  ClearPass Policy Manager

    Posted Mar 27, 2013 05:00 AM

    hi guys! :smileyhappy:

    well i'm a rookie, and I have an aruba controller 620, with 2 access point, i have to confogure an access for the guests.
    on the controller, i have did this without issue.
    Now i have to do this with polcy manager (its version is, my first question is:


    "how i can link the controller with the policy manager?"


    and the second
    "how i can configure the policy for the guests users?"


    thanks you guys! =)

    hi, Andrea!

  • 2.  RE: ClearPass Policy Manager
    Best Answer

    Posted Mar 27, 2013 06:50 AM



    how i can link the controller with the policy manager?


    You can setup a the RADIUS connection between your Aruba Controller and the Policy Manager.

    Check Page 275 of this doc for details Aruba 6.1 doc

    Then just be sure to configure your VAP (Virtual AP) to use the RADIUS correctly


    Once you have setup your shared key create the link from the Policy Manager side:

    Configuration > Network Devices > Add Device

    Drop in the IP and the shared key and you should be good to go.


    From there you can then create a simple Guest Self-Registration form to test with. Link this Guest Self-Registration to a Captive Portal Profile on your Controller.


    how i can configure the policy for the guests users? 


    You have to understand how the Services work. This is the part we struggled with when we first started our implementation of CPPM with our Aruba Controller.

    My recommendation is once you start seeing information hitting your CPPM study the logs in the Access Tracker (Monitoring > Live Monitoring > Access Tracker). Get familiar with the information available in your logs and you can start to build your policies around that set of information. You can then do things like sending back User Roles to the user as they authenticate.


    I am by no means an expert though and I am still learning this product myself. But hopefully this will help get your pointed in the right direction. These are just some of the steps we  took to get going.



  • 3.  RE: ClearPass Policy Manager

    Posted Mar 27, 2013 07:16 AM

    Hi! thank you for the answer!


    i know how configure the radius server on the controller, but i don't know ho to this on the policy manager.

    on the controller when i creat a new radius servers it asks to me a "pre-shared key" but i don't know it.

    so i think that on the web gui of policy manager esist a page where i can read and change this key.


    if it is true, where is this page?

  • 4.  RE: ClearPass Policy Manager

    Posted Mar 27, 2013 07:17 AM

    oh i find it! thanks! 

  • 5.  RE: ClearPass Policy Manager

    Posted Mar 27, 2013 07:46 AM



    You can set the pre-shared key yourselve.

    You can set it on the Controller first, then on the Policy Manager under Configuration > Network > Devices

    you can add in the RADIUS information from your Controller and use the same pre-shared key for the RADIUS.


    Glad you found it though!



  • 6.  RE: ClearPass Policy Manager

    Posted Mar 28, 2013 06:02 AM


    I have a question for you.


    i have created a radius server on the controller, and a device on the clearpass.
    the two pre-shared keys are matched.

    now, when pc is associate to controller, i don't know if the pc is under the control of clearpass.


    well, and tell me if i wrong, i have to associate the radius server that i have created before with a VAP (Virtual Ap Profile).
    and if it is true i have to create on the radius server the account that i have to use when i access the to SSid.


    if it isn't, can you explain to me, how the controller, or better the guests, can access to ssid uner the control of policy manager?

  • 7.  RE: ClearPass Policy Manager

    Posted Apr 01, 2013 07:28 AM



    Not sure if you have already have your answer...


    Yes you have to associate the RADIUS Server with a VAP


    You can assign your RADIUS Server under the AAA Profile that is associated with the VAP you are working with

    Configuration > All Profiles > AAA Profile > <AAA Profile Name> > 802.1X Authentication Server Group


    You have to monitor your Access Tracker in order to know if the user requests are being received by the CPPM. If you see the user requests hitting the CPPM then you can start to create your services and at that point your client requests will be handled by the CPPM.


    Assuming you are trying to do 802.1X authentication you can use an LDAP/AD account in order to access the SSID. Remember to setup an authentication source to get the user information from.


    On the CPPM: Configuration > Authentication > Sources



  • 8.  RE: ClearPass Policy Manager

    Posted Mar 27, 2013 07:54 AM

    I recommend you read the ClearPass/Aruba Integration Guide; it walks through the setup you require.