Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass and Central Integration

This thread has been viewed 24 times

  • 1.  ClearPass and Central Integration

    Posted Jun 27, 2017 12:37 PM

    Hey all,

     

    This may be a very straightforward question, but I am trying to watch out for any unseen "gotchas" before recommending this architecture.

     

    Are there any known issues with managing an IAP cluster via Central but handling the authentication through ClearPass? My understanding is that the external authentication server on the Central group just needs to be pointed at the ClearPass server, at which point this becomes more or less an Instant and ClearPass config and Central is no longer involved. Is that correct, or am I missing something?

     

    Any kind of VRD or recipe would be greatly appreciated.

     

    Thanks!



  • 2.  RE: ClearPass and Central Integration
    Best Answer

    EMPLOYEE
    Posted Jun 28, 2017 10:23 AM

    If you consider Central as a centralized replacement for the Instant local config, you are fully correct. Put the same configuration in Central as you would put in the Instant itself.

     

    To get ClearPass and Instant setup, you may check out the Guest parts of this video series: https://community.arubanetworks.com/t5/Security/Aruba-ClearPass-Workshop-Video-series/td-p/291597

     

    The videos show how to do it directly on Instant, the terminology and options are similar to Central (just looks different).

    One change is that with Aruba Central, there will be a certificate pushed to the IAP with the name securelogin.hpe.com, so where the video uses captiveportal-login.arubalab.com (or something similar), put the securelogin.hpe,com there.