SlideShare a Scribd company logo

Advanced ClearPass Workshop

Download as PPTX, PDF
Aruba, a Hewlett Packard Enterprise company
Aruba, a Hewlett Packard Enterprise company

Workshop on ClearPass from our Airheads Local events.

Technology
1 of 23
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Advanced ClearPass - Workshop Ashwath Murthy June 2014
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Agenda • Discover  Monitor  Secure • Network Security with ClearPass • Deploying NAC with OnGuard – Wired & Wireless NAC – NAC – Best Practices • TACACS+ for Network Device Security • BYOD with Onboard • Monitoring & Troubleshooting
Network Security with ClearPass
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Discover  Monitor  Secure • Discover – Discover via profiling • DHCP • Non-DHCP • Monitor – Enable policies in “Monitor” Mode • Secure – Secure Wireless, Wired and VPNs
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Network Security – Wired & Wireless • Strong Security with 802.1X – Enterprise Users – Need for strong, session-driven security • Captive Portals for Guest Access – Transient users such as Guests, Contractors – Limited network access zones – Weaker security settings • BYOD with unique credentials – Employee BYO Devices – Non-IT assets
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Network Security – Wired & Wireless • Authenticate & Authorize – Certificates – UserID/Password – Tokens/OTP
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Network Security – Wired • Enable 802.1X on access ports • Allow fall-back to less secure modes of access – Limit network access • Segregate responsibilities – Aruba Roles – VLANs – ACLs/dACLs – Upstream enforcement with L3-L7 firewalls such as Palo Alto
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Network Security – Wired • But I have older switches that do not support 802.1X! • Use SNMP to enforce port status – Set VLANs and Session-Timeout values – “Bounce” a port – Send LinkUp/LinkDown and MAC Notification Traps to ClearPass
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Network Security – Wired • How will ClearPass set VLANs using SNMP? – Using the standard If-MIB • SNMP VLANs and MAC Authentication? What!? – Redirect the user to a captive portal after MAB – Authenticate & Authorize with the captive portal
Wireless Access Security
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Wireless – Enterprise • Enable 802.1X – WPA/WPA2 Enterprise – Session-based keys for secure connectivity – Terminate EAP on ClearPass – infrastructure is EAP- agnostic – Consistent user experience and security practice across deployments
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Wireless – Guest • Enable Guest Access/MAC Authentication – This can be combined with a WPA/WPA2 Passphrase – Networks are inherently open unless secured! – Strong access restrictions • Tunneled VLANs • Stateful ACLs • DPI/Application Monitoring
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Wireless – BYOD • What about BYO Devices? • BYO Devices on the enterprise network – Deliver certificates to BYO Devices using Onboard – Segregate responsibilities by identifying BYO Devices – Control device life cycle • BYO Devices on the guest network – Devices use a segregated guest network – Limited network access – Challenges with device life cycle
NAC is Back, Baby!!!
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved NAC • Agent Types – Persistent/Dissolvable • Posture Assessment – Windows, Mac, Linux – Agent Types – Health Check Options • Enforcement Options – Role-based – Application-based – To remediate, or not to remediate? • Wired NAC vs. Wireless NAC • NAC for VPN • Best Practices, Thoughts
TACACS+ for Network Devices
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved TACACS+ • TACACS+ Authentication – Console, Shell, UI Login • TACACS+ Authorization – Command Authorization – Command Levels • TACACS+ Accounting – Accounting & Audit Trails – Authorization vs. Accounting • Vendor Specifics – TACACS+ Dictionaries
BYOD with Onboard
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved BYOD with Onboard • CA Settings – Stand-alone CA – Intermediate CA – ADCS • Configuration Payloads – iOS & Mac OS X – Microsoft Windows – Android • Provisioning Settings – TLS? PEAP-MSCHAPv2? – Security Settings – Certificate Renewal
Monitoring & Troubleshooting
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Monitoring & Troubleshooting • Monitoring on ClearPass – Access Tracker • Alerts Tab • Accounting Tab • “Show Logs” – Analysis & Trending • Drill Down – Policy Simulation – Authentication Simulation – Insight
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Monitoring & Troubleshooting • External Monitoring – SIEM with Syslog/APIs – SNMP – SQL Access
#AirheadsLocal

Recommended

Aruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_final
Aruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAirheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Aruba, a Hewlett Packard Enterprise company
 
Adapting to evolving user, security, and business needs with aruba clear pass
Adapting to evolving user, security, and business needs with aruba clear passAdapting to evolving user, security, and business needs with aruba clear pass
Adapting to evolving user, security, and business needs with aruba clear pass
Aruba, a Hewlett Packard Enterprise company
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
Aruba, a Hewlett Packard Enterprise company
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
JoAnna Cheshire
 
Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass Workshop
Aruba, a Hewlett Packard Enterprise company
 
Aruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassAruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPass
Paulo Eduardo Sibalde
 
Large scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passLarge scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear pass
Aruba, a Hewlett Packard Enterprise company
 

Recommended

Aruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_final
Aruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAirheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Aruba, a Hewlett Packard Enterprise company
 
Adapting to evolving user, security, and business needs with aruba clear pass
Adapting to evolving user, security, and business needs with aruba clear passAdapting to evolving user, security, and business needs with aruba clear pass
Adapting to evolving user, security, and business needs with aruba clear pass
Aruba, a Hewlett Packard Enterprise company
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
Aruba, a Hewlett Packard Enterprise company
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
JoAnna Cheshire
 
Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass Workshop
Aruba, a Hewlett Packard Enterprise company
 
Aruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassAruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPass
Paulo Eduardo Sibalde
 
Large scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passLarge scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear pass
Aruba, a Hewlett Packard Enterprise company
 
ClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirements
Aruba, a Hewlett Packard Enterprise company
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant AP
Aruba, a Hewlett Packard Enterprise company
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User Guide
Aruba, a Hewlett Packard Enterprise company
 
Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6
Aruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Aruba, a Hewlett Packard Enterprise company
 
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf ItalyAdvanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Apple Captive Network Assistant Bypass with ClearPass Guest
Apple Captive Network Assistant Bypass with ClearPass GuestApple Captive Network Assistant Bypass with ClearPass Guest
Apple Captive Network Assistant Bypass with ClearPass Guest
Aruba, a Hewlett Packard Enterprise company
 
Aruba Mobility Controllers
Aruba Mobility ControllersAruba Mobility Controllers
Aruba Mobility Controllers
Aruba, a Hewlett Packard Enterprise company
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment Challenges
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.xEMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.x
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads ClearPass guest with MAC- caching using Time Source
EMEA Airheads ClearPass guest with MAC- caching using Time SourceEMEA Airheads ClearPass guest with MAC- caching using Time Source
EMEA Airheads ClearPass guest with MAC- caching using Time Source
Aruba, a Hewlett Packard Enterprise company
 
Getting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallGetting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewall
Aruba, a Hewlett Packard Enterprise company
 
Base Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference DesignBase Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference Design
Aruba, a Hewlett Packard Enterprise company
 
Aruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep DiveAruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep Dive
Aruba, a Hewlett Packard Enterprise company
 
BYOD with ClearPass
BYOD with ClearPassBYOD with ClearPass
BYOD with ClearPass
Aruba, a Hewlett Packard Enterprise company
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Aruba, a Hewlett Packard Enterprise company
 
Clear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthyClear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthy
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issuesEMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issues
Aruba, a Hewlett Packard Enterprise company
 
Ready
ReadyReady
Ready
eaze_50
 
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
Aruba, a Hewlett Packard Enterprise company
 
WLAN Design for Location
WLAN Design for LocationWLAN Design for Location
WLAN Design for Location
Aruba, a Hewlett Packard Enterprise company
 

More Related Content

What's hot

Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Aruba, a Hewlett Packard Enterprise company
 

What's hot (20)

ClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirements
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
 
EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant AP
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User Guide
 
Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6
 
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
 
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf ItalyAdvanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
 
Apple Captive Network Assistant Bypass with ClearPass Guest
Apple Captive Network Assistant Bypass with ClearPass GuestApple Captive Network Assistant Bypass with ClearPass Guest
Apple Captive Network Assistant Bypass with ClearPass Guest
 
Aruba Mobility Controllers
Aruba Mobility ControllersAruba Mobility Controllers
Aruba Mobility Controllers
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment Challenges
 
EMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.xEMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.x
 
EMEA Airheads ClearPass guest with MAC- caching using Time Source
EMEA Airheads ClearPass guest with MAC- caching using Time SourceEMEA Airheads ClearPass guest with MAC- caching using Time Source
EMEA Airheads ClearPass guest with MAC- caching using Time Source
 
Getting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallGetting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewall
 
Base Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference DesignBase Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference Design
 
Aruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep DiveAruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep Dive
 
BYOD with ClearPass
BYOD with ClearPassBYOD with ClearPass
BYOD with ClearPass
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
 
Clear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthyClear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthy
 
EMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issuesEMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issues
 
Ready
ReadyReady
Ready
 

Viewers also liked

Viewers also liked (19)

The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
 
WLAN Design for Location
WLAN Design for LocationWLAN Design for Location
WLAN Design for Location
 
802.11ac Migration - Airheads Local
802.11ac Migration - Airheads Local802.11ac Migration - Airheads Local
802.11ac Migration - Airheads Local
 
EMEA Airheads- Instant AP- APP REF and Mixed IAP Cluster deployments
EMEA Airheads- Instant AP- APP REF and Mixed IAP Cluster deploymentsEMEA Airheads- Instant AP- APP REF and Mixed IAP Cluster deployments
EMEA Airheads- Instant AP- APP REF and Mixed IAP Cluster deployments
 
EMEA Airheads- Instant AP traffic optimization
EMEA Airheads- Instant AP traffic optimizationEMEA Airheads- Instant AP traffic optimization
EMEA Airheads- Instant AP traffic optimization
 
Network management with Aruba AirWave
Network management with Aruba AirWaveNetwork management with Aruba AirWave
Network management with Aruba AirWave
 
RF planning for high-densities of mobile devices and bandwidth-hungry mobile ...
RF planning for high-densities of mobile devices and bandwidth-hungry mobile ...RF planning for high-densities of mobile devices and bandwidth-hungry mobile ...
RF planning for high-densities of mobile devices and bandwidth-hungry mobile ...
 
EMEA Airheads – Aruba controller features used to optimize performance
EMEA Airheads – Aruba controller features used to optimize performanceEMEA Airheads – Aruba controller features used to optimize performance
EMEA Airheads – Aruba controller features used to optimize performance
 
EMEA Airheads- ArubaOS - High availability with AP Fast Failover
EMEA Airheads- ArubaOS - High availability with AP Fast FailoverEMEA Airheads- ArubaOS - High availability with AP Fast Failover
EMEA Airheads- ArubaOS - High availability with AP Fast Failover
 
RF characteristics and radio fundamentals
RF characteristics and radio fundamentalsRF characteristics and radio fundamentals
RF characteristics and radio fundamentals
 
Getting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement FirewallGetting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement Firewall
 
Fast-track your career by going from wireless to mobility engineer
Fast-track your career by going from wireless to mobility engineerFast-track your career by going from wireless to mobility engineer
Fast-track your career by going from wireless to mobility engineer
 
EMEA Airheads- Aruba OS- Mobile First Platform– Aruba OS 8.0 introduction
EMEA Airheads- Aruba OS- Mobile First Platform– Aruba OS 8.0 introductionEMEA Airheads- Aruba OS- Mobile First Platform– Aruba OS 8.0 introduction
EMEA Airheads- Aruba OS- Mobile First Platform– Aruba OS 8.0 introduction
 
Wi-Fi Security Fundamentals
Wi-Fi Security FundamentalsWi-Fi Security Fundamentals
Wi-Fi Security Fundamentals
 
Packets never lie: An in-depth overview of 802.11 frames
Packets never lie: An in-depth overview of 802.11 framesPackets never lie: An in-depth overview of 802.11 frames
Packets never lie: An in-depth overview of 802.11 frames
 
A-to-Z design guide for the all-wireless workplace
A-to-Z design guide for the all-wireless workplaceA-to-Z design guide for the all-wireless workplace
A-to-Z design guide for the all-wireless workplace
 
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice ConfigurationEMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentals
 
Mobile First Healthcare: Chris Kozup Aruba (HPE)
Mobile First Healthcare: Chris Kozup Aruba (HPE)Mobile First Healthcare: Chris Kozup Aruba (HPE)
Mobile First Healthcare: Chris Kozup Aruba (HPE)
 

Similar to Advanced ClearPass Workshop

The Future of SDN in CloudStack by Chiradeep Vittal
The Future of SDN in CloudStack by Chiradeep VittalThe Future of SDN in CloudStack by Chiradeep Vittal
The Future of SDN in CloudStack by Chiradeep Vittal
buildacloud
 

Similar to Advanced ClearPass Workshop (20)

Remote & Branch Networking Fundamentals #AirheadsConf Italy
Remote & Branch Networking Fundamentals #AirheadsConf ItalyRemote & Branch Networking Fundamentals #AirheadsConf Italy
Remote & Branch Networking Fundamentals #AirheadsConf Italy
 
Access Management with Aruba ClearPass #AirheadsConf Italy
Access Management with Aruba ClearPass #AirheadsConf ItalyAccess Management with Aruba ClearPass #AirheadsConf Italy
Access Management with Aruba ClearPass #AirheadsConf Italy
 
Unified access with Aruba Mobility Access Switches – Live Demo
Unified access with Aruba Mobility Access Switches – Live DemoUnified access with Aruba Mobility Access Switches – Live Demo
Unified access with Aruba Mobility Access Switches – Live Demo
 
NFV & SDN Customer Deployments
NFV & SDN Customer DeploymentsNFV & SDN Customer Deployments
NFV & SDN Customer Deployments
 
Instant overview gokul_rajagopalan
Instant overview gokul_rajagopalanInstant overview gokul_rajagopalan
Instant overview gokul_rajagopalan
 
ARUBA - Remote Branch-networking-fundamentals-2014
ARUBA - Remote Branch-networking-fundamentals-2014ARUBA - Remote Branch-networking-fundamentals-2014
ARUBA - Remote Branch-networking-fundamentals-2014
 
Shanghai Breakout: Access Management with Aruba ClearPass
Shanghai Breakout: Access Management with Aruba ClearPassShanghai Breakout: Access Management with Aruba ClearPass
Shanghai Breakout: Access Management with Aruba ClearPass
 
2012 ah apj wlan security fundamentals
2012 ah apj wlan security fundamentals2012 ah apj wlan security fundamentals
2012 ah apj wlan security fundamentals
 
Sydney UC - February 2015
Sydney UC - February 2015Sydney UC - February 2015
Sydney UC - February 2015
 
Defining Advanced AAA Policies for Access Networks
Defining Advanced AAA Policies for Access NetworksDefining Advanced AAA Policies for Access Networks
Defining Advanced AAA Policies for Access Networks
 
ClearPass_Design Info.pptx
ClearPass_Design Info.pptxClearPass_Design Info.pptx
ClearPass_Design Info.pptx
 
2012 ah vegas guest access fundamentals
2012 ah vegas guest access fundamentals2012 ah vegas guest access fundamentals
2012 ah vegas guest access fundamentals
 
Adaptive Trust Security
Adaptive Trust SecurityAdaptive Trust Security
Adaptive Trust Security
 
Security advanced rich langston_jon green
Security advanced rich langston_jon greenSecurity advanced rich langston_jon green
Security advanced rich langston_jon green
 
Remote Wireless LANs
Remote Wireless LANsRemote Wireless LANs
Remote Wireless LANs
 
3 air wave practical workshop_mike bruno_matt sidhu
3 air wave practical workshop_mike bruno_matt sidhu3 air wave practical workshop_mike bruno_matt sidhu
3 air wave practical workshop_mike bruno_matt sidhu
 
Network Management with Aruba Airwave #AirheadsConf Italy
Network Management with Aruba Airwave #AirheadsConf ItalyNetwork Management with Aruba Airwave #AirheadsConf Italy
Network Management with Aruba Airwave #AirheadsConf Italy
 
Next generation remote networks aruba instant gokul rajagopalan
Next generation remote networks aruba instant gokul rajagopalanNext generation remote networks aruba instant gokul rajagopalan
Next generation remote networks aruba instant gokul rajagopalan
 
Breakout - Airheads Macau 2013 - ClearPass Access Management Basics
Breakout - Airheads Macau 2013 - ClearPass Access Management Basics Breakout - Airheads Macau 2013 - ClearPass Access Management Basics
Breakout - Airheads Macau 2013 - ClearPass Access Management Basics
 
The Future of SDN in CloudStack by Chiradeep Vittal
The Future of SDN in CloudStack by Chiradeep VittalThe Future of SDN in CloudStack by Chiradeep Vittal
The Future of SDN in CloudStack by Chiradeep Vittal
 

More from Aruba, a Hewlett Packard Enterprise company

More from Aruba, a Hewlett Packard Enterprise company (20)

Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.x
 
EMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba CentralEMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba Central
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
 
EMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS SwitchEMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS Switch
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS SwitchEMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
 
Introduction to AirWave 10
Introduction to AirWave 10Introduction to AirWave 10
Introduction to AirWave 10
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
 
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.xEMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
 
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPMEMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
 
EMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP DeploymentEMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP Deployment
 
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xEMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2 EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2
 
Airheads Meetups: 8400 Presentation
Airheads Meetups: 8400 PresentationAirheads Meetups: 8400 Presentation
Airheads Meetups: 8400 Presentation
 
Airheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau PresentationAirheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau Presentation
 
Airheads Meetups- High density WLAN
Airheads Meetups- High density WLANAirheads Meetups- High density WLAN
Airheads Meetups- High density WLAN
 
Airheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes ArubaAirheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes Aruba
 
EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x
 
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) TroubleshootingEMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
 
EMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgradeEMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgrade
 

Recently uploaded

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Recently uploaded (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 

Advanced ClearPass Workshop

  • 1. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Advanced ClearPass - Workshop Ashwath Murthy June 2014
  • 2. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Agenda • Discover  Monitor  Secure • Network Security with ClearPass • Deploying NAC with OnGuard – Wired & Wireless NAC – NAC – Best Practices • TACACS+ for Network Device Security • BYOD with Onboard • Monitoring & Troubleshooting
  • 4. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Discover  Monitor  Secure • Discover – Discover via profiling • DHCP • Non-DHCP • Monitor – Enable policies in “Monitor” Mode • Secure – Secure Wireless, Wired and VPNs
  • 5. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Network Security – Wired & Wireless • Strong Security with 802.1X – Enterprise Users – Need for strong, session-driven security • Captive Portals for Guest Access – Transient users such as Guests, Contractors – Limited network access zones – Weaker security settings • BYOD with unique credentials – Employee BYO Devices – Non-IT assets
  • 6. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Network Security – Wired & Wireless • Authenticate & Authorize – Certificates – UserID/Password – Tokens/OTP
  • 7. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Network Security – Wired • Enable 802.1X on access ports • Allow fall-back to less secure modes of access – Limit network access • Segregate responsibilities – Aruba Roles – VLANs – ACLs/dACLs – Upstream enforcement with L3-L7 firewalls such as Palo Alto
  • 8. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Network Security – Wired • But I have older switches that do not support 802.1X! • Use SNMP to enforce port status – Set VLANs and Session-Timeout values – “Bounce” a port – Send LinkUp/LinkDown and MAC Notification Traps to ClearPass
  • 9. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Network Security – Wired • How will ClearPass set VLANs using SNMP? – Using the standard If-MIB • SNMP VLANs and MAC Authentication? What!? – Redirect the user to a captive portal after MAB – Authenticate & Authorize with the captive portal
  • 11. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Wireless – Enterprise • Enable 802.1X – WPA/WPA2 Enterprise – Session-based keys for secure connectivity – Terminate EAP on ClearPass – infrastructure is EAP- agnostic – Consistent user experience and security practice across deployments
  • 12. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Wireless – Guest • Enable Guest Access/MAC Authentication – This can be combined with a WPA/WPA2 Passphrase – Networks are inherently open unless secured! – Strong access restrictions • Tunneled VLANs • Stateful ACLs • DPI/Application Monitoring
  • 13. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Wireless – BYOD • What about BYO Devices? • BYO Devices on the enterprise network – Deliver certificates to BYO Devices using Onboard – Segregate responsibilities by identifying BYO Devices – Control device life cycle • BYO Devices on the guest network – Devices use a segregated guest network – Limited network access – Challenges with device life cycle
  • 14. NAC is Back, Baby!!!
  • 15. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved NAC • Agent Types – Persistent/Dissolvable • Posture Assessment – Windows, Mac, Linux – Agent Types – Health Check Options • Enforcement Options – Role-based – Application-based – To remediate, or not to remediate? • Wired NAC vs. Wireless NAC • NAC for VPN • Best Practices, Thoughts
  • 17. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved TACACS+ • TACACS+ Authentication – Console, Shell, UI Login • TACACS+ Authorization – Command Authorization – Command Levels • TACACS+ Accounting – Accounting & Audit Trails – Authorization vs. Accounting • Vendor Specifics – TACACS+ Dictionaries
  • 19. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved BYOD with Onboard • CA Settings – Stand-alone CA – Intermediate CA – ADCS • Configuration Payloads – iOS & Mac OS X – Microsoft Windows – Android • Provisioning Settings – TLS? PEAP-MSCHAPv2? – Security Settings – Certificate Renewal
  • 21. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Monitoring & Troubleshooting • Monitoring on ClearPass – Access Tracker • Alerts Tab • Accounting Tab • “Show Logs” – Analysis & Trending • Drill Down – Policy Simulation – Authentication Simulation – Insight
  • 22. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Monitoring & Troubleshooting • External Monitoring – SIEM with Syslog/APIs – SNMP – SQL Access

Editor's Notes

  1. 30:24 – 32:44
  2. 30:24 – 32:44
  3. 30:24 – 32:44
  4. 30:24 – 32:44
  5. 30:24 – 32:44
  6. 30:24 – 32:44
  7. 30:24 – 32:44
  8. 30:24 – 32:44
  9. 30:24 – 32:44
  10. 30:24 – 32:44
  11. 30:24 – 32:44
  12. 30:24 – 32:44
  13. 30:24 – 32:44
  14. 30:24 – 32:44