Security

last person joined: 18 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Aruba ClearPass Workshop (Video Series 2021)

This thread has been viewed 77 times
  • 1.  Aruba ClearPass Workshop (Video Series 2021)

    Posted 17 days ago
    All, upon many requests I decided to start over with the ClearPass Workshop Series in a 2021 'reboot'.

    The content is similar to the series published in 2017, but now with the current latest & greatest like ClearPass 6.10, Instant 8.8, and ArubaOS-CX Switching 10.7, and the 2021 insights.

    Videos are planned on Wednesdays #workshopwednesday. I'll update this page to keep a track of videos while these are posted. Hope you enjoy the videos and they will be useful.

    How do I configure 802.1X authentication? How do I configure Profiling, Onboard, Onguard? How to integrate with Active Directory, or deploy ClearPass Exchange?

     

    In this workshop series, we will cover these and more topics by showing you how to set up a lab environment from scratch with ClearPass, Aruba Instant wireless, and the ArubaOS switches.


    Index of videos: The schedule or content may change without prior notice.

    The 2017 version of the ClearPass Workshop is still here.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------


  • 2.  RE: Aruba ClearPass Workshop (Video Series 2021)

    Posted 17 days ago
    This is great Herman and looking forward to watch these videos. Let me also share that thanks to your videos its the reason that I have learned Clearpass.

    Hopefully there may be some future advanced videos. 😃


  • 3.  RE: Aruba ClearPass Workshop (Video Series 2021)

    Posted 17 days ago
    I'll start with the basics. If you have requests for advanced topics, let me know.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 4.  RE: Aruba ClearPass Workshop (Video Series 2021)

    Posted 16 days ago

    Herman,

    This is great!  Can you go over some details about certificates? There are certificates for the web, radsec, onboard, and maybe more (database cert for cluster, cert for deployment of the quick connect app?)

    What certs do we need from the public ca vs what private ca is ok.

    We have trouble with machine auth on WiFi and getting users authenticated because the machine can't connect then the user can't log on.  Details there would be a good refresher as I go back through the config to see what's wrong.  


    thanks!!



    ------------------------------
    Phillip Horn
    ------------------------------



  • 5.  RE: Aruba ClearPass Workshop (Video Series 2021)

    Posted 16 days ago
    Yes, certificates will be part of the labs, and I will try as much as possible to mention which type of certificates I will use and why.

    If you want to get going today, please check the ClearPass Certificates 101 Technote, as available on arubanetworks.com/clearpassdocs

    In general:
    - RADIUS/EAP Server certificate: Use certificates issued by a private PKI/CA. Same certificate on all of your ClearPass servers
    - RADIUS/EAP Client certificate (TLS): Get the certificates automatically enrolled / deployed from AD Group Policies/MDM solution, and issued from a private PKI/CA. Can be the same, or different one as the CA for the Server Cert. Unique certificate per client (or more if user+machine).
    - Radsec: Follow the guidance for EAP: Private CA. For your Radsec clients, use factory certs where possible, or find another way to get a client certificate enrolled to your network devices, like through EST.
    - Guest/Onboard: Use a public CA, so that unmanaged devices of your guests don't get certificate warnings. Wildcard Certificate will be fine here as you can use the same certificate on all of your servers.
    - WebUI: Use the same as for Guest/Onboard, as there is only a single HTTPS Server Certificate that you can deploy (with 6.10 you can deploy two, one RSA, one ECDSA, but both are for the same purpose of HTTPS). Multi-SAN is a more affordable option if you don't have a wildcard yet.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 6.  RE: Aruba ClearPass Workshop (Video Series 2021)

    Posted 17 days ago

    Hi Herman, very nice step to revive the absolutely great series of 2017!

    Personally I would appreciate a tshoot video with common issues and pitfalls :)

    Keep up the good work!




  • 7.  RE: Aruba ClearPass Workshop (Video Series 2021)

    Posted 17 days ago
    What I try to do is just walk through the process and 'forget' things while I go, so I run into issues in the videos, which I then show how to fix which introduces troubleshooting while we go. If you have specific questions, let me know.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 8.  RE: Aruba ClearPass Workshop (Video Series 2021)

    Posted 16 days ago
    Hi Herman, very nice you are working on new videos. Is it possible to do a little part on EAP-TEAP and integration with azure ad?

    Kind regards.

    ------------------------------
    James -
    ------------------------------



  • 9.  RE: Aruba ClearPass Workshop (Video Series 2021)

    Posted 5 days ago
    Good suggestion on TEAP, will include that. For Azure AD integration, did you see this series that Mitchell created?

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 10.  RE: Aruba ClearPass Workshop (Video Series 2021)

    Posted 4 days ago
    Hi Herman,

    I saw your video series from 2017. Perfect job. Thx for that. It would be nice, if you could include a video on Wired GuestAccess for HPE/Aruba Switches.

    ------------------------------
    Matthias Pohl
    ------------------------------



  • 11.  RE: Aruba ClearPass Workshop (Video Series 2021)

    Posted 4 days ago
    That is a good suggestion. For CX Switching, in the meanwhile, you could check the second part of this video. Or this for ArubaOS switch. As well in the Wired Policy Enforcement Solution Guide, available from https://www.arubanetworks.com/clearpassdocs, it is described in text.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 12.  RE: Aruba ClearPass Workshop (Video Series 2021)

    Posted 3 days ago
    You were missing the video for configuring OnGuard Agentless (in the videos 2017), where i have learned a lot :D and i really appreciate your efforts to provide so professional and easy to understand videos.

    However, it would be good for everyone who is new to Clearpass, to have a video for configuring the OnGuard Agentless Scenario, since it is a bit of a head-ache when not having sufficient material for configuration :)

    ------------------------------
    Shpat
    ------------------------------