Aruba ClearPass Review

The OnGuard feature checks the compliance of corporate laptops and restricts network access for users who are not compliant with security policies.


Valuable Features

Our company provides professional services and we implement the features based on the customer requirement. All the features in ClearPass are good and work the way they need to.

Improvements to My Organization

Based on our implementations for many customers, it seems that they're most interested in the OnGuard feature that checks the compliance of corporate laptops and which restricts network access for users who are not compliant with security policies.

The reporting feature in ClearPass has found devices that are non-compliant had has addressed issues during the initial implementation phase.

Our customers also often request the guest feature, which they find very useful.

Room for Improvement

The OnGuard agent requires some enhancements.

Use of Solution

We've used it for the last three years.

Deployment Issues

It works best when you plan deployment according to device behavior while integrated in the network.

Stability Issues

It's been generally stable.

Scalability Issues

It scales well in our customer network environments.

Customer Service and Technical Support

Our TAC is very responsive and very helpful. They are able to provide solutions for all the new requirements by creating customized SQL queries and configs.

Previous Solutions

I worked initially with Cisco ISE, but I didn't really get to know it well. My company currently provides ClearPass solutions only.

Initial Setup

We plan deployments considering all the configuring that needs to be done on the other integrated devices. The setup always ends up smooth and straightforward.

Other Advice

You should test all the requirements during the PoC itself so that the planning and deployment will be smooth.

Disclosure: My company has a business relationship with this vendor other than being a customer: We're a distributor of Aruba and we provide professional services.
3 visitors found this review helpful
5 Comments
UserUser

We have Aruba ClearPass, AirWave, Aruba switches and APs which gives us very granular control in our environment. As long as we keep all Aruba products. We have a very clear view of what type of devices (BYOD or owned by our school district) are present in our environment and what has been in the environment. Clearpass allow us to see when and where a device attached to the network and gives a running log of who is on the network or trying to get on the network and the status of why they are failing to attach. If they are a bad actor we track down (yes sometimes sneaker net) the device using the Airwave and blacklist it from the system. We can track our roaming population to see where we have low signal to a single device or area due to placement/saturation in a specific area or "zone". Our largest zones allow for 3000 devices to connect simultaneously, we estimated up to 3 devices per user in common gathering areas for students and just stopped at 3000 in the high school gyms.
As we allow more devices at lower grades Clearpass allows us to open BYOD to a building, area in a building or to a single AP through policy management.
I am sure there are other solutions in the industry that will do the same as our Aruba system. We got in at a good price point, have had excellent support from our vendor and the devices we purchased over 5 years ago are all still in place and have allowed us to expand as we have needed. We have to started adding new AC APs and the hardware we currently own supports the upgrade. The software updates for the system have also not grown past supporting our original equipment, we are a school district so we do have some 8 year old devices still in service.

07 January 16
WiFiSupermanReal UserELITE SQUADTOP 5

Also approaching any AAA-802.1x rollout hollistically and logically will help scalability and troubleshooting. Measure twice (or 3 times) cut once!

11 May 16
Rajkumar ThakkuConsultant

WPA2-Enterpsie 802.1x rollout also help in performance compare to WPA2-PSK

05 May 17
WiFiSupermanReal UserELITE SQUADTOP 5

Can you please elaborate as to why. I am not disputing you just curious what your take is. Thanks!

10 May 17
Rajkumar ThakkuConsultant

i was under wrong impression that WPA2-Enterpsie will perform better than WPA2-PSK Authentication method. this paper says " plain PSK performs better than any
other public key based mechanisms" http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.89.8468&rep=rep1&type=pdf.

11 May 17
Guest
Sign Up with Email