Advanced ClearPass – Workshop
Ashwath Murthy
March, 2014
CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved
#AirheadsConf
Agenda
Discover  Monitor  Secure
Network Security with ClearPass
Deploying NAC with OnGuard
Wired & Wireless NAC
NAC – Best Practices
TACACS+ for Network Device Security
BYOD with Onboard
Monitoring & Troubleshooting
Network Security with ClearPass
Discover  Monitor  Secure
• Discover
– Discover via profiling
    • DHCP
    • Non-DHCP
• Monitor
– Enable policies in “Monitor” Mode
• Secure
– Secure Wireless, Wired and VPNs
Network Security – Wired & Wireless
• Strong Security with 802.1X
– Enterprise Users
– Need for strong, session-driven security
• Captive Portals for Guest Access
– Transient users such as Guests, Contractors
– Limited network access zones
– Weaker security settings
• BYOD with unique credentials
– Employee BYO Devices
– Non-IT assets
Network Security – Wired & Wireless
• Authenticate & Authorize
– Certificates
– UserID/Password
– Tokens/OTP
Network Security – Wired
• Enable 802.1X on access ports
• Allow fall-back to less secure modes of access
– Limit network access
• Segregate responsibilities
– Aruba Roles
– VLANs
– ACLs/dACLs
– Upstream enforcement with L3-L7 firewalls such as Palo Alto
Network Security – Wired
• But I have older switches that do not support 802.1X!
• Use SNMP to enforce port status
– Set VLANs and Session-Timeout values
– “Bounce” a port
– Send LinkUp/LinkDown and MAC Notification Traps to ClearPass
Network Security – Wired
• How will ClearPass set VLANs using SNMP?
– Using the standard If-MIB
• SNMP VLANs and MAC Authentication? What!?
– Redirect the user to a captive portal after MAB
– Authenticate & Authorize with the captive portal
Wireless Access Security
Wireless – Enterprise
• Enable 802.1X – WPA/WPA2 Enterprise
– Session-based keys for secure connectivity
– Terminate EAP on ClearPass – infrastructure is EAP-agnostic
– Consistent user experience and security practice across deployments
Wireless – Guest
• Enable Guest Access/MAC Authentication
– This can be combined with a WPA/WPA2 Passphrase
– Networks are inherently open unless secured!
– Strong access restrictions
    • Tunneled VLANs
    • Stateful ACLs
    • DPI/Application Monitoring
Wireless – BYOD
• What about BYO Devices?
• BYO Devices on the enterprise network
– Deliver certificates to BYO Devices using Onboard
– Segregate responsibilities by identifying BYO Devices
– Control device life cycle
• BYO Devices on the guest network
– Devices use a segregated guest network
– Limited network access
– Challenges with device life cycle
NAC is Back, Baby!!!
NAC
• Agent Types – Persistent/Dissolvable
• Posture Assessment – Windows, Mac, Linux
– Agent Types
– Health Check Options
• Enforcement Options
– Role-based
– Application-based
– To remediate, or not to remediate?
• Wired NAC vs. Wireless NAC
• NAC for VPN
• Best Practices, Thoughts
TACACS+ for Network Devices
TACACS+
• TACACS+ Authentication
– Console, Shell, UI Login
• TACACS+ Authorization
– Command Authorization
– Command Levels
• TACACS+ Accounting
– Accounting & Audit Trails
– Authorization vs. Accounting
• Vendor Specifics
– TACACS+ Dictionaries
BYOD with Onboard
BYOD with Onboard
• CA Settings
– Stand-alone CA
– Intermediate CA
– ADCS
• Configuration Payloads
– iOS & Mac OS X
– Microsoft Windows
– Android
• Provisioning Settings
– TLS? PEAP-MSCHAPv2?
– Security Settings
– Certificate Renewal
Monitoring & Troubleshooting
Monitoring & Troubleshooting
• Monitoring on ClearPass
– Access Tracker
    • Alerts Tab
    • Accounting Tab
    • “Show Logs”
– Analysis & Trending
    • Drill Down
– Policy Simulation
– Authentication Simulation
– Insight
Monitoring & Troubleshooting
• External Monitoring
– SIEM with Syslog/APIs
– SNMP
– SQL Access
Q & A
Thank You