Regular Contributor I

ClearPass Policy Manager

hi guys! :smileyhappy:

well i'm a rookie, and I have an aruba controller 620, with 2 access point, i have to confogure an access for the guests.
on the controller, i have did this without issue.
Now i have to do this with polcy manager (its version is, my first question is:


"how i can link the controller with the policy manager?"


and the second
"how i can configure the policy for the guests users?"


thanks you guys! =)

hi, Andrea!


Re: ClearPass Policy Manager



how i can link the controller with the policy manager?


You can setup a the RADIUS connection between your Aruba Controller and the Policy Manager.

Check Page 275 of this doc for details Aruba 6.1 doc

Then just be sure to configure your VAP (Virtual AP) to use the RADIUS correctly


Once you have setup your shared key create the link from the Policy Manager side:

Configuration > Network Devices > Add Device

Drop in the IP and the shared key and you should be good to go.


From there you can then create a simple Guest Self-Registration form to test with. Link this Guest Self-Registration to a Captive Portal Profile on your Controller.


how i can configure the policy for the guests users? 


You have to understand how the Services work. This is the part we struggled with when we first started our implementation of CPPM with our Aruba Controller.

My recommendation is once you start seeing information hitting your CPPM study the logs in the Access Tracker (Monitoring > Live Monitoring > Access Tracker). Get familiar with the information available in your logs and you can start to build your policies around that set of information. You can then do things like sending back User Roles to the user as they authenticate.


I am by no means an expert though and I am still learning this product myself. But hopefully this will help get your pointed in the right direction. These are just some of the steps we  took to get going.



Regular Contributor I

Re: ClearPass Policy Manager

Hi! thank you for the answer!


i know how configure the radius server on the controller, but i don't know ho to this on the policy manager.

on the controller when i creat a new radius servers it asks to me a "pre-shared key" but i don't know it.

so i think that on the web gui of policy manager esist a page where i can read and change this key.


if it is true, where is this page?

Regular Contributor I

Re: ClearPass Policy Manager

oh i find it! thanks! 


Re: ClearPass Policy Manager



You can set the pre-shared key yourselve.

You can set it on the Controller first, then on the Policy Manager under Configuration > Network > Devices

you can add in the RADIUS information from your Controller and use the same pre-shared key for the RADIUS.


Glad you found it though!




Re: ClearPass Policy Manager

I recommend you read the ClearPass/Aruba Integration Guide; it walks through the setup you require.





Systems Engineer, Northeast USA

Regular Contributor I

Re: ClearPass Policy Manager


I have a question for you.


i have created a radius server on the controller, and a device on the clearpass.
the two pre-shared keys are matched.

now, when pc is associate to controller, i don't know if the pc is under the control of clearpass.


well, and tell me if i wrong, i have to associate the radius server that i have created before with a VAP (Virtual Ap Profile).
and if it is true i have to create on the radius server the account that i have to use when i access the to SSid.


if it isn't, can you explain to me, how the controller, or better the guests, can access to ssid uner the control of policy manager?


Re: ClearPass Policy Manager



Not sure if you have already have your answer...


Yes you have to associate the RADIUS Server with a VAP


You can assign your RADIUS Server under the AAA Profile that is associated with the VAP you are working with

Configuration > All Profiles > AAA Profile > <AAA Profile Name> > 802.1X Authentication Server Group


You have to monitor your Access Tracker in order to know if the user requests are being received by the CPPM. If you see the user requests hitting the CPPM then you can start to create your services and at that point your client requests will be handled by the CPPM.


Assuming you are trying to do 802.1X authentication you can use an LDAP/AD account in order to access the SSID. Remember to setup an authentication source to get the user information from.


On the CPPM: Configuration > Authentication > Sources



Search Airheads
Showing results for 
Search instead for 
Did you mean: