Security

Hi Everyone,

This is my first post and I am only about 2 weeks into my Aruba setup. I work for a large enterprise with 10000+ Cisco APs and we are switching to Aruba.

We are currently using Cisco ISE as a radius server for wireless clients. I want to use Clearpass as a webserver for my guest login page, but send the radius request to ISE to authenticate the users.

Can someone help me with the configuration on the Clearpass server for this? I have a certificate on the Clearpass server to avoid "untrusted cert" warnings... and I have captive portal confgured on my guest SSID on my master. I am having a hard time finding the right combination of settings on Web Login config page inside clearpass. Which vendor settings should I use and what do I need to put in those fields?

Sorry if im asking some noob questions, im new to this Aruba stuff :)

You should probably open a case with TAC for integration between ISE and ClearPass, because your advice would depend on your desired implementation.  Typically, you would just use ClearPass to interface with your domain to use Radius, and not forward anything onto ISE, as you would lose alot of attributes needed to make decisions.  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/ClearPass-Data-Management-interface-security/m-p/272463

In general, if you insisted on using ClearPass in front of ISE, you would use radius proxy, which would make things more complicated, IMHO.

Thanks Colin,

The eventual goal is to move to Clearpass away from ISE, however, for right now, im being told to set it up the way I described.