New Contributor

Clearpass Policy Manager and Profiling Capabilities

Hello. I am an architect with an Aruba business partner who is just getting started with Clearpass. Done quite a bit of reading and will be taking Clearpass Essentials soon. I think I have a basic handle on what Clearpass does.


But what I'd like to understand in a little more detail is how Clearpass Profiling and Policy Management is typically used with some examples (please forgive me if this is not the right place to be asking such a question).


So correct me if I am wrong, but my sense is that one can use Clearpass to very effectively detect the type of device, OS, etc that is attempting network access (e.g. Samsung Smartphone with Android 6.0, Dell xxx laptop with Windows 10, etc) and that one can then decide whether to grant access based on the device type and OS.


But are there other more granular characteristics that are detected that can be used to profile and decide whether access should be granted? How about things like userid? Are there roles and can access be granted by roles or groups? Can access be granted but limited in certain ways by device or by role? For example, could a rule be created whereby only executives (defined by role) who have BYOD Samsung Galaxy S5 devices are granted network access?


Can anyone provide me with some good examples of how these capabilities are actually used?


Many thanks in advance.



Guru Elite

Re: Clearpass Policy Manager and Profiling Capabilities

User ID is an identity, not profiling data. ClearPass profiling is used to identify the type of device.

If you're new to the product, best to work with your Aruba Partner or account team.

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Aruba Employee

Re: Clearpass Policy Manager and Profiling Capabilities

The accuracy of Profiling (identifying device types/categories) depends on multiple factors. You might want to get these two docs a read-through:


They discuss profiling mechanism we have in CPPM. Whatever those return can be used to define policies.


New Contributor

Re: Clearpass Policy Manager and Profiling Capabilities

Thank you. Really appreciate your time.

Search Airheads
Showing results for 
Search instead for 
Did you mean: