Yes, certificates will be part of the labs, and I will try as much as possible to mention which type of certificates I will use and why.
If you want to get going today, please check the ClearPass Certificates 101 Technote, as available on arubanetworks.com/clearpassdocs
In general:
- RADIUS/EAP Server certificate: Use certificates issued by a private PKI/CA. Same certificate on all of your ClearPass servers
- RADIUS/EAP Client certificate (TLS): Get the certificates automatically enrolled / deployed from AD Group Policies/MDM solution, and issued from a private PKI/CA. Can be the same, or different one as the CA for the Server Cert. Unique certificate per client (or more if user+machine).
- Radsec: Follow the guidance for EAP: Private CA. For your Radsec clients, use factory certs where possible, or find another way to get a client certificate enrolled to your network devices, like through EST.
- Guest/Onboard: Use a public CA, so that unmanaged devices of your guests don't get certificate warnings. Wildcard Certificate will be fine here as you can use the same certificate on all of your servers.
- WebUI: Use the same as for Guest/Onboard, as there is only a single HTTPS Server Certificate that you can deploy (with 6.10 you can deploy two, one RSA, one ECDSA, but both are for the same purpose of HTTPS). Multi-SAN is a more affordable option if you don't have a wildcard yet.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: May 28, 2021 09:48 AM
From: Phillip Horn
Subject: Aruba ClearPass Workshop (Video Series 2021)
Herman,
This is great! Can you go over some details about certificates? There are certificates for the web, radsec, onboard, and maybe more (database cert for cluster, cert for deployment of the quick connect app?)
What certs do we need from the public ca vs what private ca is ok.
We have trouble with machine auth on WiFi and getting users authenticated because the machine can't connect then the user can't log on. Details there would be a good refresher as I go back through the config to see what's wrong.
thanks!!
------------------------------
Phillip Horn
Original Message:
Sent: May 28, 2021 03:10 AM
From: Herman Robers
Subject: Aruba ClearPass Workshop (Video Series 2021)
I'll start with the basics. If you have requests for advanced topics, let me know.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: May 27, 2021 12:42 PM
From: Pablo Almanza
Subject: Aruba ClearPass Workshop (Video Series 2021)
This is great Herman and looking forward to watch these videos. Let me also share that thanks to your videos its the reason that I have learned Clearpass.
Hopefully there may be some future advanced videos. 😃
Original Message:
Sent: May 27, 2021 10:03 AM
From: Herman Robers
Subject: Aruba ClearPass Workshop (Video Series 2021)
All, upon many requests I decided to start over with the ClearPass Workshop Series in a 2021 'reboot'.
The content is similar to the series published in 2017, but now with the current latest & greatest like ClearPass 6.10, Instant 8.8, and ArubaOS-CX Switching 10.7, and the 2021 insights.
Videos are planned on Wednesdays #workshopwednesday. I'll update this page to keep a track of videos while these are posted. Hope you enjoy the videos and they will be useful.
How do I configure 802.1X authentication? How do I configure Profiling, Onboard, Onguard? How to integrate with Active Directory, or deploy ClearPass Exchange?
In this workshop series, we will cover these and more topics by showing you how to set up a lab environment from scratch with ClearPass, Aruba Instant wireless, and the ArubaOS switches.
Index of videos:- Aruba ClearPass Workshop (2021) - Introduction - Where to get information and software (2021-05-26)
- Aruba ClearPass Workshop (2021) - Getting Started #1 - Deploying the ClearPass virtual machine in ESXi (2021-06-02)
- Aruba ClearPass Workshop (2021) - Getting Started #2 - Initial setup of the ClearPass Appliance (2021-06-09)
- Aruba ClearPass Workshop (2021) - Getting Started #3 - Installing the HTTPS Server Certificate on ClearPass (2021-06-16)
- Aruba ClearPass Workshop (2021) - Getting Started #4 - Building a ClearPass cluster (2021-06-23)
- Aruba ClearPass Workshop (2021) - Wireless Access #1 - Setting up 802.1X with Aruba Instant (basic) (2021-06-30)
- Aruba ClearPass Workshop (2021) - Wireless Access #2 - Installing the RADIUS Certificate on ClearPass (2021-06-30)
- Aruba ClearPass Workshop (2021) - Wireless Access #3 - Role-Based Access with Aruba Instant (2021-07-07)
The schedule or content may change without prior notice.
The 2017 version of the ClearPass Workshop is still here.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------