Controllerless Networks

last person joined: 22 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

IAP 225 and clearpass

This thread has been viewed 2 times

  • 1.  IAP 225 and clearpass

    Posted May 07, 2014 11:38 PM

    Hi All,

     

    I am new with aruba AP and hopefully experts and more experience users in this forum can help me.  I have IAP 225 and clearpass installed but I don't have aruba mobility controller so basically using virtual controller built in IAP 225.  At the moment, IAP 225 is running fine and i have configured it to work 2 SSID (employee and guests).  My questions or tasks:

     

    1. How do I configure to IAP 225 to communicate with clearpass? I have seen lots of documentation for clearpass but not for the IAP configuration.

     

    My understanding is, i need to setup radius server with in IAP and create share secret, then use that credential in clearpass.  I have created a radius server in IAP from menu System > Admin  > Local : i have create a radius.  are my steps and understanding are correct?

     

    2. All the configuration (employee and guestes roles, access, setting) from IAP 225 will it be useless once I have it connected to clearpass? if so, then i will need to configure my clearpass with all the setting prior joining IAP to clearpass, is that correct?

     

    3. I have seen this steps from the forum:

     

    http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Howto-Authenticate-to-an-Aruba-Controller-via-Clearpass-and/td-p/94828

     

    is that the correct steps even though some of the steps meant to be for aruba mobility controller?

     

    Thank you for assisting with this.

     

    herry


    #AP225


  • 2.  RE: IAP 225 and clearpass

    Posted May 08, 2014 05:44 AM
    IAP Config:
    -If you have a cluster I recommend that you assign an IP address to the Virtual Controller under the systems tab this will the address you as a radius client in ClearPass
    -Enable dynamic radius proxy under system settings
    - Then add the clearpass server as a radius server in the security settings

    Clearpass
    - add VC address in the device list matching the same key
    - create two services for each network (guest and employee )


  • 3.  RE: IAP 225 and clearpass

    Posted May 08, 2014 06:23 AM

    If the roles you pass back from clearpass match roles on a controller or IAP cluster then the user will be placed into those roles - so no your roles will not be useless, they will work as they did before.



  • 4.  RE: IAP 225 and clearpass

    Posted May 12, 2014 03:59 AM

    thank you all for the response, much appreciated . I will give it another go.