Aruba ClearPass Review

The OnGuard feature checks the compliance of corporate laptops and restricts network access for users who are not compliant with security policies.

What is most valuable?

Our company provides professional services and we implement the features based on the customer requirement. All the features in ClearPass are good and work the way they need to.

How has it helped my organization?

Based on our implementations for many customers, it seems that they're most interested in the OnGuard feature that checks the compliance of corporate laptops and which restricts network access for users who are not compliant with security policies.

The reporting feature in ClearPass has found devices that are non-compliant had has addressed issues during the initial implementation phase.

Our customers also often request the guest feature, which they find very useful.

What needs improvement?

The OnGuard agent requires some enhancements.

For how long have I used the solution?

We've used it for the last three years.

What was my experience with deployment of the solution?

It works best when you plan deployment according to device behavior while integrated in the network.

What do I think about the stability of the solution?

It's been generally stable.

What do I think about the scalability of the solution?

It scales well in our customer network environments.

How are customer service and technical support?

Our TAC is very responsive and very helpful. They are able to provide solutions for all the new requirements by creating customized SQL queries and configs.

Which solution did I use previously and why did I switch?

I worked initially with Cisco ISE, but I didn't really get to know it well. My company currently provides ClearPass solutions only.

How was the initial setup?

We plan deployments considering all the configuring that needs to be done on the other integrated devices. The setup always ends up smooth and straightforward.

What other advice do I have?

You should test all the requirements during the PoC itself so that the planning and deployment will be smooth.

Disclosure: My company has a business relationship with this vendor other than being a customer: We're a distributor of Aruba and we provide professional services.
3 visitors found this review helpful
author avatarUser

We have Aruba ClearPass, AirWave, Aruba switches and APs which gives us very granular control in our environment. As long as we keep all Aruba products. We have a very clear view of what type of devices (BYOD or owned by our school district) are present in our environment and what has been in the environment. Clearpass allow us to see when and where a device attached to the network and gives a running log of who is on the network or trying to get on the network and the status of why they are failing to attach. If they are a bad actor we track down (yes sometimes sneaker net) the device using the Airwave and blacklist it from the system. We can track our roaming population to see where we have low signal to a single device or area due to placement/saturation in a specific area or "zone". Our largest zones allow for 3000 devices to connect simultaneously, we estimated up to 3 devices per user in common gathering areas for students and just stopped at 3000 in the high school gyms.
As we allow more devices at lower grades Clearpass allows us to open BYOD to a building, area in a building or to a single AP through policy management.
I am sure there are other solutions in the industry that will do the same as our Aruba system. We got in at a good price point, have had excellent support from our vendor and the devices we purchased over 5 years ago are all still in place and have allowed us to expand as we have needed. We have to started adding new AC APs and the hardware we currently own supports the upgrade. The software updates for the system have also not grown past supporting our original equipment, we are a school district so we do have some 8 year old devices still in service.

author avatarWiFiSuperman
ExpertTOP 5Real User

Also approaching any AAA-802.1x rollout hollistically and logically will help scalability and troubleshooting. Measure twice (or 3 times) cut once!

author avatarRajkumar Thakku

WPA2-Enterpsie 802.1x rollout also help in performance compare to WPA2-PSK

author avatarWiFiSuperman
ExpertTOP 5Real User

Can you please elaborate as to why. I am not disputing you just curious what your take is. Thanks!

author avatarRajkumar Thakku

i was under wrong impression that WPA2-Enterpsie will perform better than WPA2-PSK Authentication method. this paper says " plain PSK performs better than any
other public key based mechanisms"