Security

last person joined: 14 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass onboard

This thread has been viewed 14 times

  • 1.  Clearpass onboard

    Posted Aug 27, 2018 12:26 PM

    Hi All,

    I have one requirement for which I need understand the following points.

    • If I have to install Onboarding as add on feature over CPPM , I have to install guest license or without guest license onboarding will function.

    Let me explain the scenario well.

    The client will switch onto clearpass policy manager.  They want to create separate network for their contractors and they will bring own devices. The users will be defined in the clear pass not to be in AD. They want to deploy the network with weblogin rather then 802.1x. They decided to go with wired as well as wireless.But the user restriction will be based on the groups and that will be enforced in the form dacl or dynamic vlan. They prefer the latter option. The sponsor will raise request for the contractor access.

    1. In this case what would be the best combination.
    2. What features should be deployed. like onboard , onguard.
    3. How certificate will deployed, is it a good idea for contractor network.

    please suggest.



  • 2.  RE: Clearpass onboard

    EMPLOYEE
    Posted Aug 27, 2018 12:29 PM
    Onboard is for certificate enrollment.

    You do not need any licenses outside of Access to handle your workflow. No client certificates are used for your workflow.


  • 3.  RE: Clearpass onboard

    Posted Aug 28, 2018 04:33 AM

    I just need to understand that my requirement of creation of contractor network with the following requirement can be fufilled with CPPM.

    1. Web login

    2. Dynamic vlan or dynamic ACL

    3. Access on wired and wireless media

     

     

    Regards

    Somnath



  • 4.  RE: Clearpass onboard
    Best Answer

    EMPLOYEE
    Posted Aug 28, 2018 04:41 AM
    som24roy@gmail.com wrote:

    I just need to understand that my requirement of creation of contractor network with the following requirement can be fufilled with CPPM.

    1. Web login

    2. Dynamic vlan or dynamic ACL

    3. Access on wired and wireless media

     

     

    Regards

    Somnath

    Yes, your requirement can be achieved with CPPM Access license.



  • 5.  RE: Clearpass onboard

    Posted Aug 28, 2018 06:04 AM

    One more point I just need put forward.

    Here is the flow.

    Sponsor will request access for the contractor-> The request will provisioned and user created in CPPM-> The user id and pwd shared to the contractor-> They will be redirected and login with web-portal-> The CPPM will RFC communication to Juniper/Cisco devices for new vlan assignment(wired) and for wifi they should be mapped to the correct flexconnect local vlan-> They will be assigned new IP address.-> access to the partner.

    Is this entire thing will work with CPPM. Do I need anything else



  • 6.  RE: Clearpass onboard
    Best Answer

    EMPLOYEE
    Posted Aug 28, 2018 06:28 AM

    Your requirements will work with CPPM.

     

     

    I would recommend referring ClearPass-Solution-Guide-Wired-Policy-Enforcement for Cisco wired implementaiton.