When deploying remote access points with zero touch provisioning you need to add them to a folder in Aruba Activate. You then build a rule in the folder that directs any factory default access point assigned to the Aruba Activate folder to the correct Aruba controller. When the access point connects the Aruba controller will authenticate the remote access point VPN, by sending the authentication from the Aruba controller to ClearPass you are creating a centralized repository for the RAP whitelist. This has the advantage of being able to authenticate any of your remote access points into any controller without having to ensure that the controllers are synchronized. When ClearPass authenticates the remote access point it’s going to use a MAC authentication request against the Endpoints Repository. There are two ways of populating the remote access whitelist into the Endpoints Repository. The first is to manually export the inventory CSV from the folder in Aruba Activate then you will convert the file using the tool found at Aruba Solutions Exchange ( https://ase.arubanetworks.com/solutions/id/155 ) to convert the export file into a file that can be input into ClearPass. The second method is to automate the process using ClearPass Endpoint Context Servers settings. ClearPass will sync the whitelist every hour, pulling in any new access points placed in that folder.
This video shows you the steps necessary to configure ClearPass to synchronize a single folder from Aruba Activate.
© Copyright 2023 Hewlett Packard Enterprise Development LPAll Rights Reserved.