This document provides instructions for integrating Aruba wireless controllers with ClearPass Policy Manager version 6.0.1. The 10 step process includes: 1) configuring the Aruba controller, 2) adding ClearPass as a RADIUS server, 3) creating server groups, 4) defining roles, 5) setting firewall policies, 6) configuring authentication profiles, 7) associating profiles with SSIDs, 8) configuring guest access in ClearPass, 9) testing the 802.1x SSID, and 10) testing the guest SSID. The document also covers advanced features like controller login authentication and RADIUS enforcement.
In centralized Aruba WLAN deployments, the mobility controller is the heart of the network. The controller operates as a stand-alone master, or in a master-local cluster. Aruba provides several redundancy models for deploying mobility controllers. Each of these options, including the choice to forgo redundancy, must be understood so that the correct choice can be made for each deployment model.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
AirWave can be optimally configured to manage Aruba infrastructure by:
1. Disabling SNMP rate limiting to improve polling intervals.
2. Entering required credentials like SNMP strings and Telnet/SSH credentials.
3. Setting recommended SNMP timeouts and retries.
4. Enabling support for channel utilization and statistics in AirWave and on Aruba controllers.
The document discusses guest access configuration using ArubaOS captive portal capabilities. It describes the captive portal authentication process which uses initial and post-authentication roles to redirect users to a login page after getting an IP address. Guest provisioning allows non-IT staff to create guest accounts using the internal database for authentication. Amigopod provides additional advanced guest management features while the base ArubaOS supports basic functionality with authentication to a single controller's internal database.
This guide covers the deployment of Aruba remote access points (RAP) in fixed telecommuter and micro branch office sites, and it is considered part of the base designs guides within the VRD core technologies series. This guide covers the design recommendations for remote network deployment and it explains the various configurations needed to implement a secure, high-performance virtual branch office (VBN) solution with Aruba RAPs.
For WLANs to be able to reliably support mission-critical, high-throughput, or time-sensitive applications, RF interference must be continuously monitored. The WLAN must automatically and dynamically adapt to mitigate the effects of any interference in the environment. WLAN infrastructure has to provide the administrators with real-time, historical, and proactive visibility into the air to diagnose and mitigate interference. In this application note we will look at some of the tools that Aruba offers as a part of its WLAN solution that enable administrators to ensure reliable, high performing RF.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
The document provides information about Aruba Mobility Controllers, including:
- It describes the operating model, management, network services, aggregation, and network access functions of the Mobility Controller.
- It introduces the various Mobility Controller models including the 7200, 6000, 3000, and 600 series. The 7200 can support the most devices and tunnels while the 600 is designed for small branch offices.
- It explains the master/local controller hierarchy where one master distributes configuration to local controllers to reduce administrative overhead.
This document provides an overview and refresher on key concepts in 802.11 wireless networking, including:
- Wireless communications fundamentals like how channels work and the importance of avoiding co-channel interference
- Factors that impact wireless performance like available channels, channel widths, transmit power levels, and signal to noise ratios
- How lower signal to noise ratios can cause clients to downgrade their data rates, impacting overall channel performance
- A brief discussion of access point planning and placement as well as client roaming behaviors
In this presentation, we will be debugging Aruba RAP commands, run through troubleshooting and logs and tackle RAP clusters.
Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-Aruba-Remote-Access-Point-RAP/td-p/310448
In centralized Aruba WLAN deployments, the mobility controller is the heart of the network. The controller operates as a stand-alone master, or in a master-local cluster. Aruba provides several redundancy models for deploying mobility controllers. Each of these options, including the choice to forgo redundancy, must be understood so that the correct choice can be made for each deployment model.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
AirWave can be optimally configured to manage Aruba infrastructure by:
1. Disabling SNMP rate limiting to improve polling intervals.
2. Entering required credentials like SNMP strings and Telnet/SSH credentials.
3. Setting recommended SNMP timeouts and retries.
4. Enabling support for channel utilization and statistics in AirWave and on Aruba controllers.
The document discusses guest access configuration using ArubaOS captive portal capabilities. It describes the captive portal authentication process which uses initial and post-authentication roles to redirect users to a login page after getting an IP address. Guest provisioning allows non-IT staff to create guest accounts using the internal database for authentication. Amigopod provides additional advanced guest management features while the base ArubaOS supports basic functionality with authentication to a single controller's internal database.
This guide covers the deployment of Aruba remote access points (RAP) in fixed telecommuter and micro branch office sites, and it is considered part of the base designs guides within the VRD core technologies series. This guide covers the design recommendations for remote network deployment and it explains the various configurations needed to implement a secure, high-performance virtual branch office (VBN) solution with Aruba RAPs.
For WLANs to be able to reliably support mission-critical, high-throughput, or time-sensitive applications, RF interference must be continuously monitored. The WLAN must automatically and dynamically adapt to mitigate the effects of any interference in the environment. WLAN infrastructure has to provide the administrators with real-time, historical, and proactive visibility into the air to diagnose and mitigate interference. In this application note we will look at some of the tools that Aruba offers as a part of its WLAN solution that enable administrators to ensure reliable, high performing RF.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
The document provides information about Aruba Mobility Controllers, including:
- It describes the operating model, management, network services, aggregation, and network access functions of the Mobility Controller.
- It introduces the various Mobility Controller models including the 7200, 6000, 3000, and 600 series. The 7200 can support the most devices and tunnels while the 600 is designed for small branch offices.
- It explains the master/local controller hierarchy where one master distributes configuration to local controllers to reduce administrative overhead.
This document provides an overview and refresher on key concepts in 802.11 wireless networking, including:
- Wireless communications fundamentals like how channels work and the importance of avoiding co-channel interference
- Factors that impact wireless performance like available channels, channel widths, transmit power levels, and signal to noise ratios
- How lower signal to noise ratios can cause clients to downgrade their data rates, impacting overall channel performance
- A brief discussion of access point planning and placement as well as client roaming behaviors
In this presentation, we will be debugging Aruba RAP commands, run through troubleshooting and logs and tackle RAP clusters.
Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-Aruba-Remote-Access-Point-RAP/td-p/310448
This document provides guidance on using the command line interface (CLI) for Aruba Instant. It describes how to enable SSH access to the CLI through the Instant UI. Once connected via SSH, the CLI session starts in privileged mode, where show, clear, ping and other commands are available. Configuration commands require entering configuration mode using the configure terminal command. The CLI supports scripting through various sub-modes to configure interfaces, SSIDs, rules, and security settings. Help is available using the question mark command.
This presentation will show you how to right size customer networks, take advantage of ARM, Band steering and Client Match. Check out the webinar recording where this presentation was used. https://attendee.gotowebinar.com/recording/4688596131469180162
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
ClearPass OnGuard agents perform endpoint posture assessment and ensure that compliance is met before granting access to the network. This session will cover the ClearPass OnGuard Agent components and work-flow in detail.
Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Security/Airheads-Tech-Talks-Understanding-ClearPass-OnGuard-Agents/td-p/524288
In this presentation, we will cover an overview of ArubaOS 8.x Licensing from Supported/ Unsupported Topology to Server Failover behaviour and license generation and transfer.
Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-How-Licensing-works-in/td-p/306162
This document describes the process for leveraging the ClearPass Guest captive portal to bypass the Captive Network Assistant (web sheet) that is displayed on iOS devices such as iPhone, iPad, and more recently, OS X machines running Lion (10.7) and above.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
Virtual Intranet Access (VIA) is part of the Aruba remote access solution that includes remote access points(RAPs), Aruba Instant (IAP),and the Remote Node solution. To address the demands of the current mobile workforce, which requires corporate access from hotspots such as those in airport, hotels, and coffee shops . The Aruba VIA solution is designed to provide secure corporate access to employee laptops and smartphones. This guide will walk through planning and deployment of the VIA solution.
ClearPass is a solution for managing Bring Your Own Device (BYOD) networks. It combines network access control, mobile device management, and mobile application management into a single system. This allows organizations to onboard personal devices, detect and profile devices on the network, set policies based on device attributes from MDM integrations, and control access to applications. The presentation discusses how ClearPass streamlines BYOD deployment by automating device provisioning and policy enforcement across networks, devices, and apps.
In this presentation, we will cover the Central platform which provides a standard Web-based interface that allows you to configure and monitor multiple Aruba Instant networks / Switches from anywhere with a connection to the Internet. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Cloud-Managed-Networks/Technical-Webinar-Aruba-Central-with-Instant-AP/td-p/429366
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
The document outlines an agenda for an Aruba Networks workshop on advanced ClearPass network security. The agenda includes sections on using ClearPass for wired and wireless network access control (NAC), TACACS+ device authentication, and bringing your own device (BYOD) integration using Onboard for certificate provisioning. Monitoring and troubleshooting ClearPass deployments is also discussed.
This Solution Guide describes best practices for implementing an Aruba 802.11 wireless network that supports thousands of highly mobile devices (HMDs) such as Wi-Fi phones, handheld scanning terminals, voice badges, and computers mounted to vehicles. It describes the design principles particular to keeping devices that are in constant motion connected to the network as well as best practices for configuring Aruba Networks controllers and the mobile devices. The comprehensive guide addresses six areas of network planning to ensure a high quality of service for roaming data and voice sessions: device configuration, airtime optimization, roaming optimization, IP mobility configuration, IP multicast configuration, and interference resistance. A detailed troubleshooting section covers common issues that arise with these types of WLANs.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
In this presentation, we will discuss the L3 Redundancy Requirement which primarily comes from customers who want to handle the complete Data Center Failure during natural disasters or other catastrophic events. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Layer-3-Redundancy-for-Mobility-Master-ArubaOS/td-p/382029
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Moving towards a new Wi-Fi technology does not have to be too much of an undertaking. Of course, that's assuming great deal of planning and attention to detail in terms of defining the clear steps on how to get there. In this session we will discuss 802.11ac placement, Wi-Fi coverage and capacity planning for 802.11ac devices and how to take advantage of 802.11ac transmit beamforming
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
VIA configuration involves enabling the VPN server module, creating VIA user roles, authentication profiles, connection profiles, and associating connection profiles to user roles. It also includes configuring VIA web authentication and client WLAN profiles. Setting up these VIA components allows remote users to securely connect to an enterprise network using the VIA connection manager client.
This document provides an overview of Aruba ClearPass and its access management capabilities. It discusses ClearPass' policy model and how it uses context such as identity, device, and location to enable granular, role-based access policies. It covers ClearPass' authorization features and how it profiles devices to incorporate that data into policies. The document also reviews ClearPass clustering functionality and considerations for deployment and operations.
The document provides useful CLI commands for various functions on an Aruba network including:
- Enabling logging to troubleshoot processes like DHCP or user authentication.
- Checking interface, AP, and radio status and statistics.
- Viewing ARM neighbor reports and scan times.
- Examining user authentication details, roles, and dot1x configuration.
- Checking client connection details, data rates, and troubleshooting high retry counts or errors.
The document provides tips for troubleshooting and optimizing Aruba wireless networks. It discusses segmental troubleshooting of users, APs, controllers and processes. It also covers optimizing AP stability, system profiles and load on processes. Additionally, it provides guidance on datapath debugging, deployment tips and using the Aruba Support Assistant (ASE) for troubleshooting.
The existing channel and power assignment functions in ARM support channel scanning, channel assignment and power adjustments, locally. Decisions are made locally at the AP without looking at the entire network. Thanks to the dynamic machine learning techniques, AirMatch centralises this function in the Mobility Master while dynamically learning the network and adapting the RF planning for the entire network. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-What-does-AirMatch-do/td-p/314413
The document provides an overview of Aruba's networking portfolio including their Aruba CX switching portfolio, wireless access points, and network analytics engine. It summarizes the key features of Aruba's switching portfolio including their CX access and aggregation switches ranging from the CX 6100 to CX 8400. It also summarizes Aruba's wireless access point portfolio including their indoor, outdoor, and hospitality APs ranging from entry-level to high-performance 11ac and 11ax models. Finally, it briefly discusses Aruba's network analytics engine and cloud-native architecture.
This guide covers the deployment of Aruba WLAN in a typical campus network, and it is considered part of the base designs guides within the VRD core technologies series. This guide covers the design recommendations for a campus deployment and it explains the various configurations needed to implement the Aruba secure, high-performance, multimedia grade WLAN solution in large campuses.
The document provides instructions for configuring a Cisco 3750 switch to integrate with ClearPass Policy Manager (CPPM) for 802.1x, MAC, and downloadable access control list (DACL) authentication. Key steps include:
1. Configuring the switch interfaces, VLANs, and RADIUS settings to communicate with CPPM.
2. Creating 802.1x, MAC authentication, and DACL enforcement profiles in CPPM.
3. Associating the profiles in CPPM services and testing authentication of devices.
Running or planning on deploying a large ClearPass cluster? See what others are doing in larger environments to improve their deployments This session is designed to help customers that run the largest and most demanding networks learn how to deal with multiple locations, 100k+ endpoints, and strict SLA’s. Come to this session to discuss architecture for distributed deployments and how to better design your install for high performance, high availability needs. This is the one session where we’ll include the most experienced ClearPass team members for what will be a highly interactive session.
This document provides guidance on using the command line interface (CLI) for Aruba Instant. It describes how to enable SSH access to the CLI through the Instant UI. Once connected via SSH, the CLI session starts in privileged mode, where show, clear, ping and other commands are available. Configuration commands require entering configuration mode using the configure terminal command. The CLI supports scripting through various sub-modes to configure interfaces, SSIDs, rules, and security settings. Help is available using the question mark command.
This presentation will show you how to right size customer networks, take advantage of ARM, Band steering and Client Match. Check out the webinar recording where this presentation was used. https://attendee.gotowebinar.com/recording/4688596131469180162
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
ClearPass OnGuard agents perform endpoint posture assessment and ensure that compliance is met before granting access to the network. This session will cover the ClearPass OnGuard Agent components and work-flow in detail.
Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Security/Airheads-Tech-Talks-Understanding-ClearPass-OnGuard-Agents/td-p/524288
In this presentation, we will cover an overview of ArubaOS 8.x Licensing from Supported/ Unsupported Topology to Server Failover behaviour and license generation and transfer.
Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-How-Licensing-works-in/td-p/306162
This document describes the process for leveraging the ClearPass Guest captive portal to bypass the Captive Network Assistant (web sheet) that is displayed on iOS devices such as iPhone, iPad, and more recently, OS X machines running Lion (10.7) and above.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
Virtual Intranet Access (VIA) is part of the Aruba remote access solution that includes remote access points(RAPs), Aruba Instant (IAP),and the Remote Node solution. To address the demands of the current mobile workforce, which requires corporate access from hotspots such as those in airport, hotels, and coffee shops . The Aruba VIA solution is designed to provide secure corporate access to employee laptops and smartphones. This guide will walk through planning and deployment of the VIA solution.
ClearPass is a solution for managing Bring Your Own Device (BYOD) networks. It combines network access control, mobile device management, and mobile application management into a single system. This allows organizations to onboard personal devices, detect and profile devices on the network, set policies based on device attributes from MDM integrations, and control access to applications. The presentation discusses how ClearPass streamlines BYOD deployment by automating device provisioning and policy enforcement across networks, devices, and apps.
In this presentation, we will cover the Central platform which provides a standard Web-based interface that allows you to configure and monitor multiple Aruba Instant networks / Switches from anywhere with a connection to the Internet. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Cloud-Managed-Networks/Technical-Webinar-Aruba-Central-with-Instant-AP/td-p/429366
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
The document outlines an agenda for an Aruba Networks workshop on advanced ClearPass network security. The agenda includes sections on using ClearPass for wired and wireless network access control (NAC), TACACS+ device authentication, and bringing your own device (BYOD) integration using Onboard for certificate provisioning. Monitoring and troubleshooting ClearPass deployments is also discussed.
This Solution Guide describes best practices for implementing an Aruba 802.11 wireless network that supports thousands of highly mobile devices (HMDs) such as Wi-Fi phones, handheld scanning terminals, voice badges, and computers mounted to vehicles. It describes the design principles particular to keeping devices that are in constant motion connected to the network as well as best practices for configuring Aruba Networks controllers and the mobile devices. The comprehensive guide addresses six areas of network planning to ensure a high quality of service for roaming data and voice sessions: device configuration, airtime optimization, roaming optimization, IP mobility configuration, IP multicast configuration, and interference resistance. A detailed troubleshooting section covers common issues that arise with these types of WLANs.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
In this presentation, we will discuss the L3 Redundancy Requirement which primarily comes from customers who want to handle the complete Data Center Failure during natural disasters or other catastrophic events. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Layer-3-Redundancy-for-Mobility-Master-ArubaOS/td-p/382029
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Moving towards a new Wi-Fi technology does not have to be too much of an undertaking. Of course, that's assuming great deal of planning and attention to detail in terms of defining the clear steps on how to get there. In this session we will discuss 802.11ac placement, Wi-Fi coverage and capacity planning for 802.11ac devices and how to take advantage of 802.11ac transmit beamforming
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
VIA configuration involves enabling the VPN server module, creating VIA user roles, authentication profiles, connection profiles, and associating connection profiles to user roles. It also includes configuring VIA web authentication and client WLAN profiles. Setting up these VIA components allows remote users to securely connect to an enterprise network using the VIA connection manager client.
This document provides an overview of Aruba ClearPass and its access management capabilities. It discusses ClearPass' policy model and how it uses context such as identity, device, and location to enable granular, role-based access policies. It covers ClearPass' authorization features and how it profiles devices to incorporate that data into policies. The document also reviews ClearPass clustering functionality and considerations for deployment and operations.
The document provides useful CLI commands for various functions on an Aruba network including:
- Enabling logging to troubleshoot processes like DHCP or user authentication.
- Checking interface, AP, and radio status and statistics.
- Viewing ARM neighbor reports and scan times.
- Examining user authentication details, roles, and dot1x configuration.
- Checking client connection details, data rates, and troubleshooting high retry counts or errors.
The document provides tips for troubleshooting and optimizing Aruba wireless networks. It discusses segmental troubleshooting of users, APs, controllers and processes. It also covers optimizing AP stability, system profiles and load on processes. Additionally, it provides guidance on datapath debugging, deployment tips and using the Aruba Support Assistant (ASE) for troubleshooting.
The existing channel and power assignment functions in ARM support channel scanning, channel assignment and power adjustments, locally. Decisions are made locally at the AP without looking at the entire network. Thanks to the dynamic machine learning techniques, AirMatch centralises this function in the Mobility Master while dynamically learning the network and adapting the RF planning for the entire network. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-What-does-AirMatch-do/td-p/314413
The document provides an overview of Aruba's networking portfolio including their Aruba CX switching portfolio, wireless access points, and network analytics engine. It summarizes the key features of Aruba's switching portfolio including their CX access and aggregation switches ranging from the CX 6100 to CX 8400. It also summarizes Aruba's wireless access point portfolio including their indoor, outdoor, and hospitality APs ranging from entry-level to high-performance 11ac and 11ax models. Finally, it briefly discusses Aruba's network analytics engine and cloud-native architecture.
This guide covers the deployment of Aruba WLAN in a typical campus network, and it is considered part of the base designs guides within the VRD core technologies series. This guide covers the design recommendations for a campus deployment and it explains the various configurations needed to implement the Aruba secure, high-performance, multimedia grade WLAN solution in large campuses.
The document provides instructions for configuring a Cisco 3750 switch to integrate with ClearPass Policy Manager (CPPM) for 802.1x, MAC, and downloadable access control list (DACL) authentication. Key steps include:
1. Configuring the switch interfaces, VLANs, and RADIUS settings to communicate with CPPM.
2. Creating 802.1x, MAC authentication, and DACL enforcement profiles in CPPM.
3. Associating the profiles in CPPM services and testing authentication of devices.
Running or planning on deploying a large ClearPass cluster? See what others are doing in larger environments to improve their deployments This session is designed to help customers that run the largest and most demanding networks learn how to deal with multiple locations, 100k+ endpoints, and strict SLA’s. Come to this session to discuss architecture for distributed deployments and how to better design your install for high performance, high availability needs. This is the one session where we’ll include the most experienced ClearPass team members for what will be a highly interactive session.
This document provides an overview of the ClearPass access management solution from Aruba, which includes ClearPass Policy Manager, ClearPass Guest, ClearPass Onboard, and ClearPass OnGuard. ClearPass Policy Manager acts as the core policy enforcement and authentication engine. ClearPass Guest enables secure guest access, ClearPass Onboard allows employees to securely onboard personal devices, and ClearPass OnGuard performs device posture checks. The document discusses how these ClearPass modules work together to provide flexible network access policies for BYOD, guests, and security compliance across wired and wireless infrastructures from multiple vendors.
This presentation will offer an overview on what are the frequently occurring 802.1x authentication based issues and how to quickly diagnose/troubleshoot the IAP WLAN network. Check out the webinar recording where this presentation was used. https://attendee.gotowebinar.com/register/5818157412807394306
In this presentation, we will cover authenticating guest users with ClearPass with Time Source authentication source and MAC- caching. Check out the webinar recording where this presentation was used:
http://community.arubanetworks.com/t5/Security/Technical-Webinar-Recording-Slides-ClearPass-Guest-with-Mac/td-p/283101
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
This document summarizes an Aruba Networks presentation on configuring access management with ClearPass. It outlines the agenda which includes reviewing an existing customer deployment, customer challenges and solutions, and a live configuration, authentication, and troubleshooting walkthrough. It then discusses the customer's existing 802.1X deployment and their new initiatives involving mobile device management, a Palo Alto firewall, and a visitor network with ClearPass guest. It explores how ClearPass can help integrate these solutions and limit access to only enrolled devices while applying granular policies. The presentation then demonstrates these concepts in a lab environment.
The document discusses Aruba's eSupport project which includes enhancing the Airheads community experience by integrating the support site, community, and partner center. It also discusses upcoming solutions like the Solutions Exchange for pre-building sample configurations and mentions the release of AOS 6.2.1.2. Various wireless issues and troubleshooting techniques are then covered such as reducing channel busy, fixing low SNR, and new troubleshooting tools in AOS 6.3 like client packet capture. Reminders are provided about resources such as the TAC quick reference guide, validated reference designs, and raising a support ticket.
Aos & cppm integration & testing document for eap tls & eap peapJulia Ostrowski
The document discusses the configuration and testing of EAP-TLS and EAP-PEAP authentication between an Aruba controller and CPPM authentication server. It provides step-by-step instructions on setting up EAP-TLS and EAP-PEAP when the EAP tunnel is terminated on the CPPM server or Aruba controller. Troubleshooting tips are also included such as ensuring the correct certificates, authentication methods and services are configured on the controller, CPPM and client devices.
This document contains release notes for ClearPass 6.3.5. It includes new features for Policy Manager, MDM, and OnGuard. It also summarizes issues resolved in this release for Policy Manager, Guest, Insight, Onboard, OnGuard, and QuickConnect. The document provides information on upgrading and updating to the 6.3.5 release and describes enhancements and issues fixed in previous 6.3.x releases.
ClearPass 6.3.2 is a monthly patch release that provides new features and fixes issues. The document provides upgrade instructions, lists what's new in 6.3.2, enhancements in previous 6.3 releases, issues fixed in previous 6.3 releases, and known issues. Customers should review upgrade steps, plan for downtime, and apply latest updates before upgrading to 6.3.2.
The document provides release notes for ClearPass 6.4.2, including upgrade and update information, new features, issues resolved, known issues, and system requirements. It details what is new in 6.4.2 such as new Guest and OnGuard features, and issues fixed in areas like Policy Manager, Guest, Insight, and OnGuard. System requirements and supported browsers for ClearPass components are also outlined.
This document provides release notes for ClearPass 6.4.0, including information about:
1) New features such as enhancements to the Policy Manager, CLI, Guest, Insight, Native Dissolvable Agent, Onboard, and OnGuard.
2) Issues resolved in this release across various ClearPass components.
3) Known issues identified in previous releases of ClearPass that still exist.
ClearPass Onboard is a product from Aruba Networks that automates the provisioning of network access credentials and configuration settings for devices connecting to an enterprise network. It supports Windows, Mac OS X, iOS and Android devices connecting over wired, wireless and VPN connections. Key features include automatic configuration of network settings, provisioning of unique device credentials, and revocation of credentials for specific devices. The document provides deployment guidelines and configuration instructions for ClearPass Onboard.
This document provides steps to configure AirGroup with ClearPass 6.0.1, including:
1) Configuring the controller to support AirGroup RFC 3576 protocol.
2) Setting up ClearPass with an AirGroup AAA profile and registering the controller.
3) Creating local users in ClearPass for AirGroup administrators and operators and registering a shared device.
The document provides an overview of the Aruba S3500 Mobility Access Switch, including:
- A checklist of items included in the product package.
- A description of the front panel components such as Ethernet ports, SFP ports, LED indicators, and an LCD panel.
- Details on the 10/100/1000 Ethernet ports including pinouts for RJ-45 connectors.
- Information on the optional 1000BASE-X SFP ports and supported SFP modules.
- An explanation of the port LEDs and their status indicators for monitoring link, activity, speed, duplex, PoE, and port configuration.
This document provides installation and safety guidelines for the Ceragon Evolution IP-20LH product. It includes specifications for the hardware components, instructions for installation and replacement of cards and other parts, guidelines for cabling and power connection, and procedures for initial configuration and testing. Safety precautions are provided regarding electrical hazards, electromagnetic radiation, electrostatic discharge, and laser safety.
This document provides release notes for Aruba Instant 6.2.1.0-3.4, including new features, enhancements, resolved issues, known issues, and limitations. Key additions include support for lawful intercept and CALEA integration, L2TPv3 configuration, regular expressions in derivation rules, and dynamic CPU management. The release also improves PPPoE configuration, VPN failover handling, and authentication server settings.
The document provides an overview of preparing for and installing the Wonderware System Platform. It discusses prerequisites for installation, including SQL Server requirements. It describes the two types of installations available - product-based and role-based. It also covers installing prerequisites, selecting installation options, configuring databases and licenses, and upgrading installations.
The document provides an overview and installation instructions for the Aruba 650 Series controller. It describes the hardware features such as ports, LED indicators, and wireless radio specifications. It also covers safety compliance information and proper disposal of equipment according to regulations. Installation instructions include rack mounting, initial setup, and network connectivity.
This document provides an installation guide for the Aruba 650 Mobility Controller. It includes an overview of the Aruba 650 hardware, specifications, safety and compliance information. It also provides instructions for physically installing the controller, including rack mounting or tabletop deployment, and initial network connectivity setup. The guide contains information on the controller's ports, buttons, LED indicators and packaging contents to aid in the installation process.
The document provides an overview of the Aruba 7200 Series Controller including:
- It has dual-media ports that support either 1000Base-X fiber or 10/100/1000Base-T copper connections.
- It has 4 10GBase-X ports for fiber connectivity.
- The front panel has status LEDs for each port, power and system status, and an LCD panel for navigation and status.
The document provides information about Aruba VIA 2.0 Mac Edition, including an overview of how the VIA Connection Manager works to provide seamless connectivity between trusted and untrusted networks. It also contains installation instructions for the VIA Connection Manager software, and configuration instructions for the Aruba controller to set up and manage VIA connectivity. Sections include compatibility requirements, installing VIA, configuring VIA settings on the controller via the WebUI or CLI, and end user instructions for downloading, using, and uninstalling VIA.
This document provides an introduction to the Dekart RSA Cryptographic Provider. It discusses why information security is necessary in the modern digital world. It then describes how the Cryptographic Provider uses certificates, certification authorities, and public/private key cryptography to provide encryption, digital signatures, and other cryptographic functions. It also gives an overview of the Cryptographic Provider's hardware and software requirements, components, and capabilities.
This document contains proprietary information and instructions for operating a Zebra label printer. It discusses unpacking the printer, loading media and ribbon, making adjustments, troubleshooting issues, specifications, and includes various legal statements and copyright information. The document provides a user guide for a Zebra S400 or S600 label printer.
This document provides instructions for installing Oracle Application Express release 4.2 for Oracle Database 12c. Key aspects covered include:
- Understanding the multitenant architecture in Oracle Database 12c and how it impacts Application Express installation.
- Choosing between installing Application Express from the database and configuring either Oracle REST Data Services, the embedded PL/SQL Gateway, or Oracle HTTP Server.
- Required pre-installation tasks like checking database requirements and choosing a web listener.
- Post-installation tasks like creating a workspace, adding users, and converting between runtime and development environments.
This document provides a technical description of the FibeAir IP-20C product from Ceragon Networks. It includes details on the IP-20C's hardware architecture utilizing a unique MultiCore design with multiple modem and RFIC chipsets. The document also describes the IP-20C's innovative techniques for boosting network capacity and reducing latency such as Line of Sight MIMO, frame cut-through, and adaptive coding and modulation. Finally, the document outlines the IP-20C's management features, specifications, certifications, and supported Ethernet services.
This document is the user's guide for Oracle VM release 3.0.3. It provides an overview of Oracle VM and instructions for common management tasks like setting up storage, networks, server pools, and virtual machines. It also covers converting physical hosts to virtual machines using Oracle's P2V utility and includes troubleshooting guidance.
This document provides an overview and instructions for using Aruba Virtual Intranet Access (VIA) 2.0.1. VIA allows teleworkers and mobile users on Linux computers to securely connect to their corporate network from remote, untrusted locations. It detects the network environment and automatically connects users. The document covers installing and using the VIA application, and configuration steps for the Aruba controller. Troubleshooting tips and contact information are also included.
Similar to Aruba wireless and clear pass 6 integration guide v1.3 (20)
Aruba Central user may need a centralized web-server to host captive portal page for their distributed networks across the globe like coffee shops, restaurant or hotels. Aruba central 2.0 has a new feature called Cloud Guest or Guest Management that allows administrator to create a splash page for guest users using Web server and radius server running in the cloud.
Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Cloud-Managed-Networks/Airheads-Tech-Talks-Cloud-Guest-SSID-on-Aruba-Central/td-p/524320
Clustering is a new feature introduced in AOS 8.0 that enables seamless roaming of clients between APs, hitless client failover and load balancing of users across Mobility Controllers in the cluster. This solution provides the configuration required to create a cluster of Mobility Controllers that are managed by the same Mobility Master.
Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/Airheads-Tech-Talks-Advanced-Clustering-in-AOS-8-x/td-p/506441
During this presentation, we will cover a deep dive into Aruba Central and its features. Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Cloud-Managed-Networks/Technical-Webinar-Advance-Aruba-Central/m-p/496064
During this webinar, we will cover AppRF - a suite of application visibility and control features that are part of Aruba's Policy Enforcement Firewall. AppRF is a PEF feature that is designed to give network administrators insight into the applications that are running on their network, and who is using them. Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Aruba-AppRF-AOS-6-x-amp-8-x/td-p/490800
This document discusses ArubaOS switch stacking, including:
- Backplane stacking allows connecting multiple switches together to simplify operations and optimize uplink usage.
- Topologies supported are chain, ring, and mesh, with ring and mesh recommended for redundancy.
- Key functions of stacking include topology discovery, electing a commander and standby, managing members, and handling splits.
- Specific switch models like the 3800 and 2900 series support backplane stacking of up to 10 units in ring topology with stacking throughput of up to 160Gbps.
In this presentation, we will discuss how IEEE standard 802.3ad and its implications allow third-party devices such as switches, servers, or any other networking device that supports trunking to interoperate with the distributed trunking switches (DTSs) seamlessly. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/Technical-Webinar-LACP-and-distributed-LACP-ArubaOS-Switch/td-p/458170
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
In this presentation, e will discuss AirWave 10, a new software build that lets us streamline code, add performance, clustering. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Network-Management/Technical-Webinar-Introduction-to-AirWave-10/td-p/454762
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
In this presentation, we will discuss how Virtual Switching Framework (VSF) allows supported switches connected to each other through Ethernet connections (copper or fibre) to behave like a single chassis switch. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Controllerless-Networks/Technical-Webinar-Virtual-Switching-Framework-ArubaOS-Switch/td-p/445696
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
In this presentation, we will discuss how AirGroup configurations have changed to support hierarchical configuration in release 8.2. AirGroup configs will now be profile based and can be applied at any node. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-AirGroup-profiling-changes-across-8-1-amp-8-2/td-p/417153
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
In this presentation, we will explore the RESTApi as the ClearPass API integrations and further developments are more focused to RESTApi than the other existing API services like xml-rpc, SOAP, etc.Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Security/Technical-Webinar-Getting-Started-with-the-ClearPass-REST-API/td-p/410214
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
During this webinar, we will discuss how starting from ArubaOS 8.2.0.0, selected APs can run in both controller-based mode and controller-less mode and the implications tied to that. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-AP-Discovery-amp-Deployment-Policy-ArubaOS-8-x/m-p/394540/
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
This document discusses managed device deployment at branch offices using Aruba branch controllers. It provides an overview of how branch controllers connect to a master controller via an internet modem and establish communication. It also covers branch controller and VPN concentrator configuration in Aruba OS versions 6.x and 8.x, including initial setup, zero touch provisioning, and debugging tools. Additional topics include address pool management for VLANs, tunnels, NAT, and DHCP to allow for dynamic IP assignment at branch office deployments.
This document provides an overview and introduction to the Aruba 8400 switch, which is designed for campus core and aggregation applications. It describes the hardware architecture including line cards, management modules, fabric modules, and power supplies. It also discusses the software architecture of ArubaOS-CX running on the 8400 and its high availability, programmability, security, and analytics capabilities. Example deployments of the 8400 as a campus core and aggregation solution are shown.
These slides were used during our Airheads Meetup Event at Jaarbeurs Utrecht on October 27th 2017.
If you have ideas, new speaker topics and recommendations for the events, please help us to improve for next year’s event by commenting on the community page: http://community.arubanetworks.com/t5/Wireless-Access/Airheads-Technical-Event-The-Netherlands-October-27th-2017/m-p/313566#M75870
These slides were used during our Airheads Meetup Event at Jaarbeurs Utrecht on October 27th 2017.
If you have ideas, new speaker topics and recommendations for the events, please help us to improve for next year’s event by commenting on the community page: http://community.arubanetworks.com/t5/Wireless-Access/Airheads-Technical-Event-The-Netherlands-October-27th-2017/m-p/313566#M75870
These slides were used during our Airheads Meetup Event at Jaarbeurs Utrecht on October 27th 2017.
If you have ideas, new speaker topics and recommendations for the events, please help us to improve for next year’s event by commenting on the community page: http://community.arubanetworks.com/t5/Wireless-Access/Airheads-Technical-Event-The-Netherlands-October-27th-2017/m-p/313566#M75870
The document discusses configuring different APIs in Aruba 8.x. It provides an overview of configuration and context APIs, including REST APIs and NBAPIs. It describes using APIs to get and set configuration parameters via the GUI, CLI, and curl commands. Examples are given of retrieving data via show commands and posting multiple configuration objects at once. The role of the NBAPI helper process in handling location context data is also summarized.
In this presentation, we will cover basic requirements and supported topologies for Multizone AP, how to bring up APs in multi version and how the AP's image upgrade differs in 8.x
Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-Multi-zone-AP-and-Centralized/td-p/308499
This webinar will cover how to bring up Aruba Mobility Master, Managed Device & Access Point and also go through some basic troubleshooting commands.Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-Bringing-up-Aruba-Mobility/td-p/307599
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
In this presentation, we will run through the 8.x Architecture configuration model and share some UI navigation features such as managed controllers and spectrum monitoring, geolocation and maps.
Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-Aruba-8-x-Architecture/td-p/302349
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
More from Aruba, a Hewlett Packard Enterprise company (20)
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Zilliz
Join us to introduce Milvus Lite, a vector database that can run on notebooks and laptops, share the same API with Milvus, and integrate with every popular GenAI framework. This webinar is perfect for developers seeking easy-to-use, well-integrated vector databases for their GenAI apps.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
3. Aruba Wireless and ClearPass 6| Integration Guide | 3
Contents
Audience
...........................................................................................................................................................................................................
8
Typographic
Conventions
.........................................................................................................................................................................
8
Contacting
Support
......................................................................................................................................................................................
9
1.
Aruba
Wireless
and
ClearPass
6.0.1
Integration
Guide
........................................................................................
10
Purpose
..........................................................................................................................................................................................................
10
Assumptions
................................................................................................................................................................................................
10
Step
1:
AOS
Controller
Configuration
...........................................................................................................................................
10
Step
2:
Adding
a
RFC
3576
Server
.................................................................................................................................................
12
Step
3:
Creating
a
new
Server
Group
for
ClearPass
...............................................................................................................
14
Step
4:
Create
a
Captive
Portal
role
..............................................................................................................................................
20
Step
5:
Pre-‐configured
Firewall
Policies
.....................................................................................................................................
25
Step
6:
Creating
AAA
Profiles
for
the
ClearPass
Guest
and
802.1x
SSID
.......................................................................
26
Step
7:
Associating
a
802.1x
SSID
and
Guest
SSID
with
AAA
Profiles
............................................................................
32
Step
8:
ClearPass
Guest
Setup
.........................................................................................................................................................
34
Basic
Guest
Registration
and
Login
configuration
......................................................................................................................
34
2.
ClearPass
Policy
Manager
Setup
...................................................................................................................................
39
Guest
SSID
Login
service
configuration
...........................................................................................................................................
44
3.
Testing
the
802.1x
and
Guest
SSID
...................................................................................................................................
48
Step
9:
Test
the
802.1x
SSID
.............................................................................................................................................................
51
Step
10:
Testing
the
Guest
SSID
......................................................................................................................................................
51
4.
Testing
the
MAC
Caching
.................................................................................................................................................
54
5.
Advanced
Features
............................................................................................................................................................
55
Controller
Management
Login
Authentication
with
ClearPass
Policy
Manager
...........................................................
55
RADIUS
Enforcement
(Generic)
configuration
.............................................................................................................................
55
6.
Troubleshooting
.................................................................................................................................................................
62
4. 4 | Aruba Wireless and ClearPass 6| Integration Guide
5. Aruba Wireless and ClearPass 6| Integration Guide | 5
Figures
Figure
1
Adding
a
RADIUS
Server
..........................................................................................................................................................................
11
Figure
2
RADIUS
Server
list
......................................................................................................................................................................................
11
Figure
3
RADIUS
server
IP
and
Key
entry
..........................................................................................................................................................
11
Figure
4
RFC
3576
Server
list
..................................................................................................................................................................................
12
Figure
5
Adding
a
RF
3576
Server
.........................................................................................................................................................................
13
Figure
6
RFC
3576
Server
IP
....................................................................................................................................................................................
13
Figure
7
Enter
the
RADIUS
shared
key
................................................................................................................................................................
14
Figure
8
ClearPass
Server
Group
...........................................................................................................................................................................
14
Figure
9
Adding
a
ClearPass
Server
Group
........................................................................................................................................................
15
Figure
10
ClearPass
Server
Group
list
.................................................................................................................................................................
15
Figure
11
Adding
a
ClearPass
RADIUS
Server
..................................................................................................................................................
16
Figure
12
Selecting
the
newly
created
ClearPass
Server
Group
...............................................................................................................
16
Figure
13
Select
Add
Server
ClearPass
button
.................................................................................................................................................
17
Figure
14
L3
Authentication
tab
.............................................................................................................................................................................
17
Figure
15
Select
Captive
Portal
Authentication
Profile
................................................................................................................................
18
Figure
16
Enter
a
new
Captive
Portal
profile
name
.......................................................................................................................................
18
Figure
17
Select
the
newly
created
Captive
Portal
Authentication
Profile
..........................................................................................
19
Figure
18
Captive
Portal
Authentication
Profile
login
page
IP
.................................................................................................................
19
Figure
19
Changing
"default"
server
group
to
the
newly
created
Captive
Portal
Authentication
Profile
server
name
...
20
Figure
20
The
newly
created
Captive
Portal
Authentication
Profile
server
Group
.........................................................................
20
Figure
21
User
Roles
tab
............................................................................................................................................................................................
21
Figure
22
Adding
a
User
Role
..................................................................................................................................................................................
21
Figure
23
Create
new
User
Role
Policy
...............................................................................................................................................................
22
Figure
24
Entering
the
Policy
Name
and
Policy
Type
...................................................................................................................................
22
Figure
25
Entering
the
ACL
(Access
Control
List)
field
names
.................................................................................................................
23
Figure
26
Firewall
policy
rule
Add
button
.........................................................................................................................................................
23
Figure
27
Adding
a
svc-‐https
(tcp
443
Service
ACL
.......................................................................................................................................
24
Figure
28
Accepting
the
ACL
rows
created
........................................................................................................................................................
24
Figure
29
User
Roles
Add
page
listings
...............................................................................................................................................................
24
Figure
30
Firewall
logon-‐control
(session)
policy
.........................................................................................................................................
25
6. 6 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
31
Firewall
“captiveportal
(session)”
policy
......................................................................................................................................
25
Figure
33
Firewall
Policies
list
................................................................................................................................................................................
26
Figure
33
Aruba_admin
captive
portal
being
chosen
....................................................................................................................................
26
Figure
34
Select
the
previously
configured
Captive
Portal
Profile
.........................................................................................................
26
Figure
35
Adding
a
ClearPass
Guest
Profile
......................................................................................................................................................
27
Figure
36
Changing
the
default
Initial
role
........................................................................................................................................................
27
Figure
37
RADIUS
Interim
Accounting
option
.................................................................................................................................................
28
Figure
38
Log
Accounting
Interim-‐Update
Packets
option
in
CPPM
......................................................................................................
28
Figure
39
MAC
Authentication
Profile
setting
=
default
..............................................................................................................................
29
Figure
40
MAC
Authentication
Server
Group
option
....................................................................................................................................
29
Figure
41
RADIUS
Accounting
Server
Group
option
.....................................................................................................................................
30
Figure
42
RFC
3576
for
this
AAA
Profile
............................................................................................................................................................
31
Figure
43
IP
address
of
your
ClearPass
server
................................................................................................................................................
31
Figure
44
Configuring
no
MAC
Authentication
Profile
.................................................................................................................................
32
Figure
45
Advanced
Services
All
Profiles
menu
..............................................................................................................................................
32
Figure
46
Advanced
Services
Wireless
LAN
Profile
.......................................................................................................................................
33
Figure
47
Advanced
Services
Virtual
AP
Profile
..............................................................................................................................................
33
Figure
48
Virtual
AP
Profile
modifications
........................................................................................................................................................
34
Figure
49
Policy
Manager
login
..............................................................................................................................................................................
34
Figure
50
ClearPass
Policy
Manager
Dashboard
.............................................................................................................................................
35
Figure
51
ClearPass
Guest
Quick
Link
.................................................................................................................................................................
35
Figure
52
ClearPass
Guest
administration
page
..............................................................................................................................................
36
Figure
53
ClearPass
Guest
Self-‐Registration
selection
.................................................................................................................................
36
Figure
54
ClearPass
Guest
Self-‐Registration
menu
........................................................................................................................................
37
Figure
55
NAS
Vendor
Settings
...............................................................................................................................................................................
37
Figure
56
Enable
guest
login
to
a
Network
Access
Server
..........................................................................................................................
38
Figure
57
ClearPass
Policy
Manager
Network
Devices
selection
............................................................................................................
39
Figure
58
Add
a
ClearPass
Policy
Manager
Network
Device
.....................................................................................................................
39
Figure
59
Configuring
a
ClearPass
Policy
Manager
Network
Device
.....................................................................................................
40
Figure
60
Aruba
802.1X
Wireless
'Start
Here'
selection
..............................................................................................................................
40
Figure
61
Naming
a
802.1X
Wireless
Service
...................................................................................................................................................
41
Figure
62
802.1X
Authentication
Methods
and
Sources
..............................................................................................................................
41
Figure
63
802.1X
Role
Mapping
Policy
................................................................................................................................................................
42
Figure
64
802.1X
Enforcement
configuration
..................................................................................................................................................
42
Figure
65
ClearPass
Policy
Manager
Reorder
menu
.....................................................................................................................................
43
7. Aruba Wireless and ClearPass 6| Integration Guide | 7
Figure
66
Reorder
Services
'Move
Up'
process
................................................................................................................................................
44
Figure
67
Guest
Access
With
MAC
Caching
.......................................................................................................................................................
44
Figure
68
Service
Rule
Guest
SSID
conditions
..................................................................................................................................................
45
Figure
69
Service
Rule
Guest
MAC
Authentication
conditions
.................................................................................................................
45
Figure
70
Adding
a
Local
User
Repository
Device
..........................................................................................................................................
45
Figure
71
Adding
a
Identity
Role
...........................................................................................................................................................................
46
Figure
72
Guest
SSID
Local
User
conditions
.....................................................................................................................................................
47
Figure
73
Configuring
Enforcement
Profiles
....................................................................................................................................................
48
Figure
74
Adding
a
new
Enforcement
Profile
..................................................................................................................................................
49
Figure
75
Enforcement
Profile
Attributes
..........................................................................................................................................................
49
Figure
76
Enforcement
Policies
rule
configuration
.......................................................................................................................................
50
Figure
77
Enforcement
Authenticated
Profile
Rules
Editor
.......................................................................................................................
50
Figure
78
Live
Monitoring
Access
Tracker
menu
...........................................................................................................................................
51
Figure
79
802.1x
SSID
RADIUS,
ACCEPT
WLAN
Enterprise
Service
......................................................................................................
51
Figure
80
MAC
Auth
REJECT
for
the
MAC
Caching
on
the
Guest
SSID
...................................................................................................
51
Figure
81
ClearPass
Guest
Login
............................................................................................................................................................................
52
Figure
82
ClearPass
Guest
Registration
..............................................................................................................................................................
52
Figure
83
ClearPass
Guest
Registration
Receipt
.............................................................................................................................................
52
Figure
84
RADIUS,
ACCEPT
configuration
for
a
newly
created
802.1x
SSID
Guest
account
........................................................
53
Figure
85
Successful
MAC
authentication
..........................................................................................................................................................
54
Figure
86
Adding
a
Controller
Management
Local
User
..............................................................................................................................
55
Figure
87
RADIUS
Enforcement
(Generic)
template
.....................................................................................................................................
55
Figure
88
RADIUS
Enforcement
(Generic)
Service
Rules
configuration
...............................................................................................
56
Figure
89
RADIUS
Enforcement
(Generic)
Authentication
configuration
...........................................................................................
56
Figure
90
RADIUS
Enforcement
(Generic)
Enforcement
configuration
...............................................................................................
57
Figure
91
RADIUS
Enforcement
(Generic)
Enforcement
Profile
Template
and
Name
...................................................................
57
Figure
92
RADIUS
Enforcement
(Generic)
Enforcement
Attribute
configuration
...........................................................................
57
Figure
93
RADIUS
Enforcement
(Generic)
Enforcement
configuration
Summary
..........................................................................
58
Figure
94
RADIUS
Enforcement
(Generic)
Rule
Conditions
and
Enforcement
Profiles
................................................................
59
Figure
95
RADIUS
Enforcement
(Generic)
Enforcement
Rules
Profile
Summary
............................................................................
59
Figure
96
RADIUS
Enforcement
(Generic)
Enforcement
Policy
Service
Creation
Flow
................................................................
60
8. 8 | Aruba Wireless and ClearPass 6| Integration Guide
Preface
Audience
This
Aruba
Wireless
and
ClearPass
6
Integration
Guideis
intended
for
system
administrators
and
people
who
are
integrating
Aruba
Networks
Wireless
Hardware
with
ClearPass
6.0.1.
Typographic
Conventions
The
following
conventions
are
used
throughout
this
manual
to
emphasize
important
concepts.
Type Style Description
Italics Used to emphasize important items and for the titles of books.
Boldface Used to highlight navigation in procedures and to emphasize command names and
parameter options when mentioned in text.
Sample template
code or HTML text
Code samples are shown in a fixed-width font.
<angle brackets> When used in examples or command syntax, text within angle brackets
represents items you should replace with information appropriate to your
specific situation. For example:
ping <ipaddr>
In this example, you would type “ping” at the system prompt exactly as shown,
followed by the IP address of the system to which ICMP echo packets are to be sent.
Do not type the angle brackets.
9. Aruba Wireless and ClearPass 6| Integration Guide | 9
Contacting
Support
Main
Site
arubanetworks.com
Support
Site
support.arubanetworks.com
Airheads
Social
Forums
and
Knowledge
Base
and
Knowledge
Base
community.arubanetworks.com
North
American
Telephone
1-‐800-‐943-‐4526
(Toll
Free)
1-‐408-‐754-‐1200
International
Telephones
http://www.arubanetworks.com/support-‐services/aruba-‐
support-‐program/contact-‐support/
Software
Licensing
Site
https://licensing.arubanetworks.com/
End
of
Support
information
www.arubanetworks.com/support-‐services/end-‐of-‐life-‐
products/end-‐of-‐life-‐policy/
Wireless
Security
Incident
Response
Team
(WSIRT)
http://www.arubanetworks.com/support-‐services/security-‐
bulletins/
Support
Email
Addresses
Americas
and
APAC
support@arubanetworks.com
EMEA
emea_support@arubanetworks.com
WSIRT
Email
Please
email
details
of
any
security
problem
found
in
an
Aruba
product.
wsirt@arubanetworks.com
10. 10 | Aruba Wireless and ClearPass 6| Integration Guide
1. Aruba
Wireless
and
ClearPass
6.0.1
Integration
Guide
Purpose
The
purpose
of
this
document
is
to
provide
instructions
for
integrating
Aruba
Networks
Wireless
Hardware
with
ClearPass
6.0.1.
This
will
include
basic
topics
for
802.1x,
RADIUS,
and
Guest
integration
in
an
environment
using
an
Aruba
Networks
WLAN
Solution.
Assumptions
1. Aruba
Networks
wireless
controller
is
setup
and
running
the
latest
code.
2. At
least
one
access
point
is
provisioned
on
the
controller
for
testing.
3. 802.1x
SSID
is
already
configured.
4. Guest
SSID
with
Captive
Portal
is
already
configured.
5. DHCP
and
DNS
are
appropriately
configured.
6. ClearPass
6.0.1
server
(VM
or
Physical
Appliance)
initial
setup
is
complete.
This
includes
network
settings,
time
and
date,
and
system
name.
7. Aruba
Wireless
controller
can
communicate
with
ClearPass
6.0.1.
8. The
Guest
SSID
VLAN
can
communicate
with
ClearPass
6.0.1.
9. All
systems
are
appropriately
licensed.
10. Only
one
interface
is
configured
on
ClearPass.
Step
1: AOS
Controller
Configuration
Login
to
the
controller
GUI
as
an
admin
user.
Navigate
to
Configuration-‐>Security-‐>Authentication-‐
>Servers
tab.
Click
on
RADIUS
Server
and
create
a
new
RADIUS
server
by
entering
the
new
RADIUS
server
reference
name
in
the
empty
Add
box
and
clicking
Add.
11. Aruba Wireless and ClearPass 6| Integration Guide | 11
Figure
1
Adding
a
RADIUS
Server
Click
on
the
new
server
name
that
shows
up
in
the
RADIUS
Server
list
on
that
page:
Figure
2
RADIUS
Server
list
Enter
the
IP
address
for
ClearPass
in
the
Host
field.
Enter
<aruba123>
for
the
key.
Click
Apply
at
the
bottom
of
the
page
to
save
these
configuration
settings.
Figure
3
RADIUS
server
IP
and
Key
entry
12. 12 | Aruba Wireless and ClearPass 6| Integration Guide
Step
2: Adding
a
RFC
3576
Server
The
next
step
is
to
add
an
RFC
3576
server
entry
for
ClearPass.
Click
on
RFC
3576
Server.
Figure
4
RFC
3576
Server
list
Enter
the
IP
address
of
ClearPass
in
the
entry
box
and
click
Add.
13. Aruba Wireless and ClearPass 6| Integration Guide | 13
Figure
5
Adding
a
RF
3576
Server
Click
on
the
IP
address
of
ClearPass
that
appears
in
the
left
column
under
RFC
3576
Server.
Figure
6
RFC
3576
Server
IP
You
will
be
presented
with
a
screen
in
the
right
column
that
looks
like
this:
14. 14 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
7
Enter
the
RADIUS
shared
key
1. You
MUST
enter
the
RADIUS
shared
key
into
the
key
boxes.
Enter
<aruba123>
in
both
boxes
and
click
Apply
at
the
bottom
of
the
page
to
save
the
changes.
Note:
This
step
is
extremely
important!
Step
3: Creating
a
new
Server
Group
for
ClearPass
The
next
step
is
to
create
a
new
Server
Group
for
ClearPass.
Click
on
Server
Group.
Figure
8
ClearPass
Server
Group
Enter
a
reference
name
for
your
ClearPass
Server
Group
in
the
empty
box
and
click
Add.
15. Aruba Wireless and ClearPass 6| Integration Guide | 15
Figure
9
Adding
a
ClearPass
Server
Group
Select
the
newly
created
Server
Group
on
the
right
under
Server
Group:
Figure
10
ClearPass
Server
Group
list
Click
New
and
select
the
ClearPass
RADIUS
server
from
the
previous
step.
16. 16 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
11
Adding
a
ClearPass
RADIUS
Server
Figure
12
Selecting
the
newly
created
ClearPass
Server
Group
2. Click
Add
Server.
Click
Apply
at
the
bottom
of
the
page
to
save
the
changes.
17. Aruba Wireless and ClearPass 6| Integration Guide | 17
Figure
13
Select
Add
Server
ClearPass
button
Captive
Portal
profile
Click
on
the
L3
Authentication
tab.
Figure
14
L3
Authentication
tab
Click
on
Captive
Portal
Authentication
Profile.
18. 18 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
15
Select
Captive
Portal
Authentication
Profile
Enter
a
new
Captive
Portal
profile
name
in
the
empty
box
and
click
Add.
Figure
16
Enter
a
new
Captive
Portal
profile
name
Select
the
newly
created
Captive
Portal
Authentication
Profile
under
Captive
Portal
Authentication
Profile
on
the
right.
19. Aruba Wireless and ClearPass 6| Integration Guide | 19
Figure
17
Select
the
newly
created
Captive
Portal
Authentication
Profile
There
are
two
things
we
need
to
change
on
this
profile.
3. Change
the
Login
page
to
http://10.1.1.20/guest/guest_register_login.php
(replacing
the
10.1.1.20
with
the
IP
address
of
your
ClearPass
6.0.1
server.
Figure
18
Captive
Portal
Authentication
Profile
login
page
IP
Click
Apply
at
the
bottom
to
save
the
changes.
4. Click
on
Server
Group
under
the
Captive
Portal
Authentication
Profile
and
change
the
Server
Group
from
default
to
the
Server
Group
that
you
created
for
ClearPass
in
the
previous
steps
and
click
Apply
at
the
bottom
of
the
page
to
save
the
changes.
20. 20 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
19
Changing
"default"
server
group
to
the
newly
created
Captive
Portal
Authentication
Profile
server
name
Figure
20
The
newly
created
Captive
Portal
Authentication
Profile
server
Group
Step
4: Create
a
Captive
Portal
role
Now
we
need
to
create
our
Captive
Portal
role,
which
is
the
role
that
clients
will
receive
when
they
connect
to
the
Guest
SSID.
Navigate
to
Configuration-‐>Security-‐>Access
Control-‐>User
Roles
tab.
Click
Add
to
create
a
new
User
Role.
21. Aruba Wireless and ClearPass 6| Integration Guide | 21
Figure
21
User
Roles
tab
Enter
a
name
like
<CPG-‐Login>
for
the
Role
Name
under
Firewall
Policies,
Click
Add.
Figure
22
Adding
a
User
Role
For
the
first
policy,
it
is
essentially
important
that
we
add
an
ACL
that
will
allow
our
Guest
user
to
access
ClearPass
6.0.1,
which
is
where
the
Captive
Portal
webpage
will
be
hosted.
Choose
the
radio
button
for
Create
New
Policy,
and
click
the
Create
button:
22. 22 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
23
Create
new
User
Role
Policy
Enter
and
select
the
following
information:
• Policy
Name:
<CP6-‐web-‐ACL>
• Policy
Type:
<Session>
Click
Add.
Figure
24
Entering
the
Policy
Name
and
Policy
Type
Select
and
enter
the
following
information
for
the
first
line
of
the
ACL:
• IP
Version:
<IPv4>
• Source:
<User>
• Destination:
host
§ Host
IP:
(the
IP
address
of
your
ClearPass
server)
• Service:
<service>
§ Service:
<svc-‐http
(tcp
80)>
23. Aruba Wireless and ClearPass 6| Integration Guide | 23
• Action:
<permit>
Figure
25
Entering
the
ACL
(Access
Control
List)
field
names
Click
Add
at
the
far
right
underneath
this
rule.
Figure
26
Firewall
policy
rule
Add
button
Click
Add
again
to
add
another
line
to
this
ACL,
identical
to
the
previous
line
except:
Choose
Service:
svc-‐https
(tcp
443
24. 24 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
27
Adding
a
svc-‐https
(tcp
443
Service
ACL
Click
Add
at
the
far
right
underneath
this
rule.
Figure
28
Accepting
the
ACL
rows
created
Click
Done
You
will
be
brought
back
to
the
Add
Role
page
where
you
were
creating
your
CPG-‐Login
User
Role.
Figure
29
User
Roles
Add
page
listings
25. Aruba Wireless and ClearPass 6| Integration Guide | 25
Step
5: Pre-‐configured
Firewall
Policies
The
Firewall
Policy
that
you
just
created
has
been
added
to
the
list.
Now
we
need
to
add
two
more
pre-‐
configured
Firewall
Policies.
Click
Add
under
Firewall
Policies.
Select
the
radio
button
for
Choose
From
Configured
Policies
and
select
the
policy
called
logon-‐control
(session).
Figure
30
Firewall
logon-‐control
(session)
policy
Click
Done
in
the
Firewall
Policies
section.
Click
Add
again
in
the
Firewall
Policies
section.
Select
the
radio
button
for
Choose
From
Configured
Policies
and
select
the
policy
called
captiveportal
(session).
Figure
31
Firewall
“captiveportal
(session)”
policy
26. 26 | Aruba Wireless and ClearPass 6| Integration Guide
Click
Done
in
the
Firewall
Policies
section.
Your
Firewall
Policy
should
look
like
this:
Figure
32
Firewall
Policies
list
NOTE:
The
Firewall
policy
order
MUST
place
“captive
portal”
at
the
bottom
of
the
list!
Scroll
down
this
page
to
the
Captive
Portal
Profile
section.
Select
the
previously
configured
Captive
Portal
Profile
from
the
drop-‐down
list.
Figure
33
Aruba_admin
captive
portal
being
chosen
Click
the
Change
button.
Figure
34
Select
the
previously
configured
Captive
Portal
Profile
Verify
that
the
“Not
Assigned”
has
changed
to
the
name
of
your
Captive
Portal
Profile.
Click
Apply
at
the
bottom
of
the
page
to
save
the
newly
created
User
Role.
Step
6: Creating
AAA
Profiles
for
the
ClearPass
Guest
and
802.1x
SSID
The
next
step
is
to
create
AAA
Profiles
for
the
ClearPass
Guest
and
802.1x
SSID.
Navigate
to
Configuration-‐>Security-‐>Authentication-‐>AAA
Profiles
tab.
Click
Add,
enter
a
name
for
the
ClearPass
Guest
Profile,
and
then
click
Add
again.
27. Aruba Wireless and ClearPass 6| Integration Guide | 27
Figure
35
Adding
a
ClearPass
Guest
Profile
Now
in
the
left
column,
click
on
the
new
profile
that
you
just
created.
Change
the
Initial
role
to
the
role
that
you
created
in
Step
4:
Create
a
Captive
Portal
role
page
20.
Figure
36
Changing
the
default
Initial
role
Tech
Tip:
On
this
page
you
will
see
an
option
for
RADIUS
Interim
Accounting.
This
should
be
checked
if
you
want
live
utilization
updates
in
ClearPass,
usually
used
to
control
guest
users
based
on
Bandwidth
Utilization.
28. 28 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
37
RADIUS
Interim
Accounting
option
Note:
This
also
needs
to
be
enabled
on
ClearPass.
In
ClearPass
Policy
Manager,
navigate
to:
Administration-‐>Server
Manager-‐>Server
Configuration-‐>Select
Server-‐>Service
Parameters-‐
>RADIUS
Server-‐>Log
Accounting
Interim-‐Update
Packets=”TRUE”.
Figure
38
Log
Accounting
Interim-‐Update
Packets
option
in
CPPM
Set
the
subsections
of
the
profile
as
described
below,
clicking
Apply
after
each
change:
MAC
Authentication
Profile:
default
29. Aruba Wireless and ClearPass 6| Integration Guide | 29
Figure
39
MAC
Authentication
Profile
setting
=
default
MAC
Authentication
Server
Group:
(Your
ClearPass
6.0.1
Server
Group)
Figure
40
MAC
Authentication
Server
Group
option
RADIUS
Accounting
Server
Group:
(Your
ClearPass
6.0.1
Server
Group)
30. 30 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
41
RADIUS
Accounting
Server
Group
option
Click
on
RFC
3576
for
this
AAA
Profile.
31. Aruba Wireless and ClearPass 6| Integration Guide | 31
Figure
42
RFC
3576
for
this
AAA
Profile
From
the
Add
a
profile
list,
select
the
IP
address
of
your
ClearPass
server
and
click
the
Add
button.
Figure
43
IP
address
of
your
ClearPass
server
Click
Apply
to
save
these
settings.
Repeat
Creating
AAA
Profiles
for
the
ClearPass
Guest
and
802.1x
SSID,
page
26,
to
create
the
AAA
Profile
for
the
802.1x
SSID.
The
only
difference
is
that
this
AAA
Profile
will
have
802.1x
settings
but
no
MAC
Authentication
Profile.
See
example
below:
32. 32 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
44
Configuring
no
MAC
Authentication
Profile
Step
7: Associating
a
802.1x
SSID
and
Guest
SSID
with
AAA
Profiles
The
next
step
is
to
associate
our
802.1x
SSID
and
Guest
SSID
with
the
AAA
Profiles
we
just
created.
Navigate
to
Configuration-‐>Advanced
Services-‐>All
Profiles.
Figure
45
Advanced
Services
All
Profiles
menu
33. Aruba Wireless and ClearPass 6| Integration Guide | 33
Expand
the
Wireless
LAN
section.
Figure
46
Advanced
Services
Wireless
LAN
Profile
Expand
the
Virtual
AP
profile
and
locate
your
Guest
and
802.1x
SSID
profiles.
Figure
47
Advanced
Services
Virtual
AP
Profile
Modify
each
Virtual
AP
profile
to
use
the
appropriate
AAA
Profile
that
you
created
in
the
previous
section.
34. 34 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
48
Virtual
AP
Profile
modifications
Make
sure
to
click
Apply
after
each
change.
Click
the
Save
Configuration
button
at
the
top
of
the
page
once
the
changes
are
completed.
Step
8: ClearPass
Guest
Setup
In
this
step
we
will
configure
basic
Guest
Registration
and
Login.
Basic
Guest
Registration
and
Login
configuration
Log
into
ClearPass
Policy
Manager
(https://<your-‐cp-‐ip-‐here>/tips).
Figure
49
Policy
Manager
login
35. Aruba Wireless and ClearPass 6| Integration Guide | 35
After
you
login,
you
will
see
the
ClearPass
Policy
Manager
Dashboard.
Figure
50
ClearPass
Policy
Manager
Dashboard
One
of
the
Dashboard
objects
is
Quick
Links.
Click
on
the
quick
link
for
ClearPass
Guest
Figure
51
ClearPass
Guest
Quick
Link
Clicking
this
link
will
automatically
log
you
into
the
ClearPass
Guest
administration
page.
Alternatively
you
could
enter
the
url
for
the
Guest
page)
(https//<your-‐cp-‐ip-‐here>/guest).
36. 36 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
52
ClearPass
Guest
administration
page
Navigate
to
Configuration-‐>Guest
Self-‐Registration.
Figure
53
ClearPass
Guest
Self-‐Registration
selection
Click
on
the
preconfigured
Guest
Self-‐Registration
profile.
This
will
reveal
several
options.
Click
Edit.
37. Aruba Wireless and ClearPass 6| Integration Guide | 37
Figure
54
ClearPass
Guest
Self-‐Registration
menu
In
this
guest
registration
profile,
it
is
necessary
to
enable
web
login.
Click
NAS
Vendor
Settings
from
the
edit
diagram:
Figure
55
NAS
Vendor
Settings
On
the
NAS
Login
settings
page,
check
the
checkbox
to
Enable
guest
login
to
a
Network
Access
Server.
It
will
prepopulate
the
settings
with
Aruba
Networks
NAS
settings.
38. 38 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
56
Enable
guest
login
to
a
Network
Access
Server
Click
Save
Changes.
39. Aruba Wireless and ClearPass 6| Integration Guide | 39
2. ClearPass
Policy
Manager
Setup
In
ClearPass
Policy
Manager,
navigate
to
Configuration-‐>Network-‐>Devices.
Figure
57
ClearPass
Policy
Manager
Network
Devices
selection
Click
Add
Device
in
the
top
right
corner
of
the
page.
Figure
58
Add
a
ClearPass
Policy
Manager
Network
Device
Enter
a
Name
and
the
IP
or
Subnet
address
for
your
Wireless
Controller.
For
the
RADIUS
Shared
Secret,
enter
<aruba123>
(the
same
shared
secret
we
used
in
the
Controller
setup
for
RADIUS
and
RFC
3576).
Select
Aruba
as
the
Vendor
Name,
and
check
the
box
to
Enable
RADIUS
CoA
40. 40 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
59
Configuring
a
ClearPass
Policy
Manager
Network
Device
Click
Add.
Navigate
to
Configuration-‐>Start
Here
and
select
Aruba
802.1X
Wireless.
Figure
60
Aruba
802.1X
Wireless
'Start
Here'
selection
Give
the
service
a
name
such
as
<WLAN
Enterprise
Service>.
41. Aruba Wireless and ClearPass 6| Integration Guide | 41
Figure
61
Naming
a
802.1X
Wireless
Service
Click
Next.
On
the
Authentication
tab,
Click
the
Select
to
Add
down
arrow
and
choose
[Local
User
Repository]
[Local
SQL
DB]
as
the
Authentication
Sources.
Figure
62
802.1X
Authentication
Methods
and
Sources
Click
Next.
42. 42 | Aruba Wireless and ClearPass 6| Integration Guide
For
initial
testing,
Role
mapping
Policy
will
not
be
used.
Click
Next
on
the
Roles
tab
at
the
bottom
right
corner
of
the
page
to
continue.
Figure
63
802.1X
Role
Mapping
Policy
On
the
Enforcement
tab,
no
changes
are
necessary.
Click
Next
at
the
bottom
right
corner
of
the
page
to
continue.
Figure
64
802.1X
Enforcement
configuration
Review
the
summary
and
click
Save.
Important!
You
must
move
the
WLAN
Enterprise
Service
above
any
generic
RADIUS
services
that
are
not
filtering
via
service
rules.
ClearPass
6.0.1
does
not
ship
with
any
generic
RADIUS
services
that
have
no
service
rules.
43. Aruba Wireless and ClearPass 6| Integration Guide | 43
Navigate
to
Configuration-‐>Services
and
select
Reorder
to
move
“WLAN
Enterprise
Service”
above
ANY
generic
RADIUS
services
that
are
not
filtering
via
service
rules.
Figure
65
ClearPass
Policy
Manager
Reorder
menu
Select
<WLAN
Enterprise
Service>
and
click
on
the
Move
up
button
to
position
above
ANY
generic
RADIUS
services
that
are
not
filtering
via
service
rules.
Note:
Do
NOT
move
any
services
you
create
ABOVE
the
initial
services
that
are
installed
with
ClearPass
Policy
Manager.
IF
you
add
a
service
and
move
it
ABOVE
the
initial
services
installed
your
newly
created
service
could
intercept
RADIUS
requests
that
“Guest
Mac
authentication”,
which
is
Mac
caching,
or
Onboarding,
and
AirGroup.
44. 44 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
66
Reorder
Services
'Move
Up'
process
If
you
are
running
the
beta
version
of
6.0,
you
may
not
have
the
Guest
MAC
Authentication
services.
If
this
is
the
case,
please
download
the
non-‐beta
version
of
6.0,
as
it
will
include
these
services
by
default.
Guest
SSID
Login
service
configuration
To
configure
the
Guest
SSID
Login
service,
navigate
to
Configuration-‐>Services.
Click
on
Guest
Access
With
MAC
Caching.
Figure
67
Guest
Access
With
MAC
Caching
Click
on
the
Service
tab.
In
order
to
get
this
service
to
respond
to
the
guest
SSID,
click
the
Radius:Aruba,
Aruba-‐Essid-‐Name,
EQUALS,
<Guest
SSID
Name>
row
under
Service
Rule
sub-‐tab
to
modify.
Replace
the
<Guest
SSID
Name>
with
the
actual
guest
SSID
used
on
the
controller.
In
the
example
below,
the
guest
SSID
is:
zj-‐cpg60
45. Aruba Wireless and ClearPass 6| Integration Guide | 45
Figure
68
Service
Rule
Guest
SSID
conditions
Click
Save
to
register
the
modifications
to
the
service.
Repeat
those
steps
for
the
Guest
MAC
Authentication
service:
Figure
69
Service
Rule
Guest
MAC
Authentication
conditions
The
next
step
is
to
add
a
User
Role.
Even
though
no
role
mapping
is
in
use
in
the
WLAN
Enterprise
Service,
a
user
role
must
be
created
for
any
local
user
account
added
into
the
Local
User
Repository.
Navigate
to
Configuration-‐>Identity-‐>Roles
Click
Add
Role
in
the
top
right
corner
of
the
page.
Figure
70
Adding
a
Local
User
Repository
Device
46. 46 | Aruba Wireless and ClearPass 6| Integration Guide
Enter
<TestRole>
as
the
name,
and
click
Save.
Figure
71
Adding
a
Identity
Role
Navigate
to
Configuration-‐>Identity-‐>Local
Users.
Click
Add
User.
Enter
the
following
information:
• User
ID:
<test>
• Name:
<Test
User>
• Password:
<test123>
• Verify
Password:
<test123>
• Enable
User:
check
box
<(Check
to
enable
local
user)>
• Role:
select
<TestRole>
from
the
drop
down
menu
47. Aruba Wireless and ClearPass 6| Integration Guide | 47
Figure
72
Guest
SSID
Local
User
conditions
Click
Add.
48. 48 | Aruba Wireless and ClearPass 6| Integration Guide
3. Testing
the
802.1x
and
Guest
SSID
At
this
point
testing
of
the
802.1x
and
Guest
SSID
could
commence.
However,
when
802.1x
is
tested
with
the
Test
User
account,
the
user
will
authenticate
but
receive
the
guest
role
on
the
controller.
This
is
because
an
Aruba
User
Role
is
not
being
passed
back
for
the
Test
User.
When
the
controller
receives
the
RADIUS
Accept
from
a
successful
authentication,
the
controller
will
give
the
client
the
default
802.1x
role
set
in
the
AAA
Profile.
In
order
to
pass
back
an
Aruba
User
Role,
an
Enforcement
Profile
must
be
built
and
the
Sample
Allow
Access
Policy
must
be
modified
to
send
this
Enforcement
Profile.
Navigate
to
Configuration-‐>Enforcement-‐>Profiles.
Figure
73
Configuring
Enforcement
Profiles
Click
Add
Enforcement
Profile
in
the
top
right
corner
of
the
page.
Give
it
a
name
like
<Aruba
Authenticated
Role>.
Make
sure
the
Template
selected
is
Aruba
RADIUS
Enforcement:
49. Aruba Wireless and ClearPass 6| Integration Guide | 49
Figure
74
Adding
a
new
Enforcement
Profile
Click
Next.
Click
on
“Enter
role
here”
and
enter
<authenticated>
in
the
Value
field
as
the
role
to
be
passed
back.
Then
click
on
the
disk
icon
to
save
the
line.
Click
Save.
Figure
75
Enforcement
Profile
Attributes
Tech
Tip:
Get
used
to
clicking
that
disk
icon.
Whenever
you
edit
a
line
like
this,
click
the
disk
icon
to
save
the
line,
or
else
your
change
may
not
get
saved.
Click
Next.
Click
Save.
Navigate
to
Configuration-‐>Enforcement-‐>Policies.
Click
on
the
“Sample
Allow
Access
Policy”
to
edit.
50. 50 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
76
Enforcement
Policies
rule
configuration
Click
on
the
Rules
tab.
Click
on
the
only
Condition
in
the
list
to
highlight
it,
and
click
Edit
Rule.
Select
the
Aruba
Authenticated
Profile
from
the
-‐-‐
Select
to
Add
-‐-‐
drop
down
menu
to
the
list
of
Enforcement
Profiles
that
will
be
executed
when
a
user
successfully
authenticates:
Figure
77
Enforcement
Authenticated
Profile
Rules
Editor
Click
Save
in
the
Rules
Editor
window.
Click
Save
in
the
lower
right
corner
of
the
page.
51. Aruba Wireless and ClearPass 6| Integration Guide | 51
Step
9: Test
the
802.1x
SSID
Connect
to
the
802.1x
SSID,
and
login
with
the
local
user
account
(NOT
the
guest
account)
created
in
the
ClearPass
Policy
Manager
setup.
Navigate
to
Monitoring-‐>Live
Monitoring-‐>Access
Tracker.
Figure
78
Live
Monitoring
Access
Tracker
menu
A
RADIUS,
ACCEPT
for
the
WLAN
Enterprise
Service
server
should
be
visible.
Figure
79
802.1x
SSID
RADIUS,
ACCEPT
WLAN
Enterprise
Service
Step
10: Testing
the
Guest
SSID
At
this
point,
both
the
802.1x
SSID
and
the
Guest
SSID
can
be
tested.
Start
by
testing
the
Guest
SSID.
In
ClearPass
Policy
Manager
navigate
to
Monitoring-‐>Live
Monitoring-‐>Access
Tracker.
When
your
device
first
connects
to
the
Guest
SSID
you
will
notice
a
MAC
Auth
REJECT.
This
is
for
the
MAC
Caching
on
the
Guest
SSID.
Figure
80
MAC
Auth
REJECT
for
the
MAC
Caching
on
the
Guest
SSID
Open
up
a
web
browser
on
your
device
that
just
connected.
It
should
redirect
you
to
the
Guest
Login
page.
Select
Click
Here
after
Need
an
account?
52. 52 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
81
ClearPass
Guest
Login
You
will
be
then
be
presented
with
the
Guest
Account
Creation
page.
Figure
82
ClearPass
Guest
Registration
Enter
the
information
(Email
Address
will
become
the
guest
username),
check
the
box
to
accept
the
terms
of
use,
and
click
Register.
You
will
then
be
presented
with
the
Guest
Registration
Receipt
that
shows
the
guest
username
and
password.
Figure
83
ClearPass
Guest
Registration
Receipt
Clicking
Log
In
button
will
automatically
submit
these
credentials
to
the
wireless
controller’s
internal
captive
portal,
which
will
create
a
RADIUS
request
with
the
Authentication
Method
PAP.
This
request
will
hit
the
Guest
SSID
Login
Service
that
was
created
in
ClearPass
Policy
Manager
in
the
previous
step.
53. Aruba Wireless and ClearPass 6| Integration Guide | 53
After
logging
in
on
the
test
device,
return
to
Access
Tracker
in
ClearPass
Policy
Manager.
Notice
the
RADIUS
ACCEPT
entry
for
test@test.com:
Figure
84
RADIUS,
ACCEPT
configuration
for
a
newly
created
802.1x
SSID
Guest
account
STOP!
Wait
3
minutes
before
proceeding
to
the
next
step.
For
MAC
Caching,
the
service
queries
the
Insight
Database.
Information
is
pushed
to
the
Insight
Database
every
3
minutes.
54. 54 | Aruba Wireless and ClearPass 6| Integration Guide
4. Testing
the
MAC
Caching
The
next
steps
test
the
MAC
Caching.
1. SSH
to
your
controller
and
run:
show user-table | include <test@test.com>
command
where
<test@test.com>
is
the
802.1x
SSID
guest
user
created,
in
order
to
find
the
MAC
address
of
the
test
device.
2. Disable
the
wireless
on
the
test
device
and
run:
aaa user delete mac <00:aa:22:bb:44:cc>
command
where
<00:aa:22:bb:44:cc>
is
the
MAC
address
returned
from
the
show
user-‐table
command.
3. Re-‐enable
the
wireless
on
the
test
device.
Now
in
Access
Tracker
you
will
see
a
successful
MAC
authentication.
Figure
85
Successful
MAC
authentication
55. Aruba Wireless and ClearPass 6| Integration Guide | 55
5. Advanced
Features
Controller
Management
Login
Authentication
with
ClearPass
Policy
Manager
In
ClearPass
Policy
Manager,
navigate
to
Configuration-‐>Identity-‐>Roles.
Click
Add
Roles.
Create
a
new
role
called
ControllerMgmt.
Navigate
to
Configuration-‐>Identity-‐>Local
Users.
Click
Add
User.
Enter
the
information
from
Figure
86
Adding
a
Controller
Management
Local
User,
using
whatever
you
want
for
the
password
(this
will
be
the
login
and
password
for
managing
the
controller).
Figure
86
Adding
a
Controller
Management
Local
User
Click
Add
to
save
this
user
account.
RADIUS
Enforcement
(Generic)
configuration
Navigate
to
Configuration-‐>Start
Here.
Scroll
down
the
right
main
column
and
click
on
RADIUS
Enforcement
(Generic).
Figure
87
RADIUS
Enforcement
(Generic)
template
Service
Give
the
service
a
name
such
as
<Aruba
Controller
Management
Login>.
Add
the
Service
Rules
from
Figure
88
RADIUS
Enforcement
(Generic)
Service
Rules
configuration
below
for
each
Service
Rule
by
selecting
from
each
of
their
corresponding
drop
down
arrow
menu
settings.
56. 56 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
88
RADIUS
Enforcement
(Generic)
Service
Rules
configuration
Remember
to
click
the
disk
at
the
end
of
each
Service
Rule
in
order
to
save
the
line
configuration.
Click
Next.
Authentication
For
Authentication
Methods,
Click
the
Select
to
Add
drop
down
arrow
and
choose
[MACHAP].
For
Authentication
Sources,
Click
the
Select
to
Add
drop
down
arrow
and
choose
[Local
User
Repository]
[Local
SQL
DB].
Figure
89
RADIUS
Enforcement
(Generic)
Authentication
configuration
Click
Next.
Roles
Tech
Tip:
You
could
use
a
Role
Mapping
Policy,
but
it
is
not
required.
It
would
be
required
if
the
Authentication
source
was
Active
Directory,
in
which
case
you
would
create
a
Role
Mapping
rule
that
would
look
for
the
following
configuration:
Authorization:
SomeADServer:MemberOf:Contains:IT-‐Admins;
Role
Name:
ControllerMgmt
Click
Next.
57. Aruba Wireless and ClearPass 6| Integration Guide | 57
Enforcement
On
the
Enforcement
tab,
Click
Add
new
Enforcement
Policy.
Give
the
new
Enforcement
Policy
a
name
like
<Controller
Login
Enforcement>.
Figure
90
RADIUS
Enforcement
(Generic)
Enforcement
configuration
Click
Add
new
Enforcement
Profile.
Use
the
Aruba
RADIUS
Enforcement
template.
Enter
a
name
for
the
Enforcement
Profile
such
as
<Aruba
MGMT
Root
User>.
Figure
91
RADIUS
Enforcement
(Generic)
Enforcement
Profile
Template
and
Name
Click
Next.
Add
each
Attribute
from
Figure
92
RADIUS
Enforcement
(Generic)
Enforcement
Attribute
configuration
below
by
selecting
from
each
of
their
corresponding
drop
down
arrow
menu
settings
except
for
Value.
Enter
root
in
the
Value
field
column.
Note:
Aruba-‐User-‐Role
is
changed
to
Aruba-‐Admin-‐Role
Figure
92
RADIUS
Enforcement
(Generic)
Enforcement
Attribute
configuration
58. 58 | Aruba Wireless and ClearPass 6| Integration Guide
Remember
to
click
the
disk
at
the
end
of
each
Attribute
in
order
to
save
the
line
configuration.
Click
Next.
Figure
93
RADIUS
Enforcement
(Generic)
Enforcement
configuration
Summary
Click
Save.
This
will
return
you
to
the
Enforcement
Policy
creation.
Change
the
Default
Profile
to
Deny
Access
Profile.
Click
Next.
On
the
Rules
tab,
click
Add
Rule.
Enter
the
values
from
Figure
94
RADIUS
Enforcement
(Generic)
Rule
Conditions
and
Enforcement
Profiles
below
for
each
Rules
Editor
Condition
column
by
selecting
their
corresponding
drop
down
arrow
menu
settings.
59. Aruba Wireless and ClearPass 6| Integration Guide | 59
Figure
94
RADIUS
Enforcement
(Generic)
Rule
Conditions
and
Enforcement
Profiles
Click
Save.
Click
Next.
Figure
95
RADIUS
Enforcement
(Generic)
Enforcement
Rules
Profile
Summary
Click
Save
to
log
the
Enforcement
Policy.
The
newly
created
Enforcement
Policy
should
automatically
be
selected
for
the
Service
in
the
Service
creation
flow.
Click
Next.
60. 60 | Aruba Wireless and ClearPass 6| Integration Guide
Figure
96
RADIUS
Enforcement
(Generic)
Enforcement
Policy
Service
Creation
Flow
Click
Save.
Note:
Reorder
the
service
so
that
it
is
above
the
Guest
Access
With
MAC
Caching
service.
Click
Save.
Management Authentication Servers
Login
to
the
Aruba
Controller
Interface
Navigate
to
Configuration-‐>Management-‐>Administration.
1. Change
Default
Role
to
no-‐access.
2. Check
the
checkbox
for
Enable.
61. Aruba Wireless and ClearPass 6| Integration Guide | 61
3. Check
the
checkbox
for
MSCHAPv2.
4. Change
the
Server
Group
to
the
ClearPass
Policy
Manager
server
group
created
earlier
in
this
document.
Important!
Leave
the
Allow
Local
Authentication
box
checked.
If
this
box
is
unchecked
and
there
is
a
problem
with
the
Management
Authentication
configuration,
you
will
not
be
able
to
login
to
the
controller
if
Allow
Local
Authentication
is
unchecked.
Click
Apply
to
save
these
settings.
Logout
of
the
controller
and
test
login
with
the
controller-‐root
test
user
created
earlier.
In
Access
Tracker
you
should
see
the
Type
=
RADIUS
and
Login
=
ACCEPT
for
the
controller-‐root
test
user:
62. 62 | Aruba Wireless and ClearPass 6| Integration Guide
6. Troubleshooting
Problem:
MAC
Caching
is
not
working.
Solution:
Check
the
Endpoints
Repository,
navigate
to
Configuration-‐>Identity-‐>Endpoints
for
the
device
in
question.
Click
on
the
device
and
verify
that
the
device
status
is
set
to
Known.
If
it
is
not,
verify
that
the
correct
controller-‐ip
vlan
has
been
set
on
the
wireless
controller.
Problem:
During
creation
of
Enforcement
Policy,
an
error
appears
when
trying
to
save:
Name
contains
special
characters…
Solution:
Creation
of
the
Enforcement
Policy
has
timed
out.
Click
Cancel,
then
create
the
Enforcement
Policy
again.