Overview
This course prepares participants with foundational skills in network access control using the ClearPass product portfolio. This course includes both instructional modules and labs to teach participants about the major features of the ClearPass portfolio. Participants learn how to set up ClearPass as an AAA server, and configure the Policy Manager, Guest, OnGuard and Onboard feature sets. In addition, this course covers integration with external Active Directory servers and monitoring and reporting, as well as deployment best practices. The student gains insight into authentication configuration with ClearPass on both wired and wireless networks.
Prerequisites
- Any current Aruba ClearPass certification.
- Configuring HPE Aruba Networking ClearPass (CPC)
Delegates will learn how to
After successful completion of this course, you should be able to:
- Design a ClearPass cluster
- Design a high availability solution with virtual IP addresses following best practices
- Describe public key infrastructure and certificate format types
- Plan the certificates used by ClearPass
- Explain how enrollment over secure transport can automate the certificate generation process
- Leverage RADIUS services to handle corporate wireless connections
- Deploy WEBAUTH services to handle health checks
- Describe the proposed RADIUS services that handle guest wireless connections
- Explain general guest considerations
- Design guest RADIUS services
- Describe the proposed Onboard services
- Describe the MPSK feature
- Leverage these features in your deployment
- Plan a successful wired access deployment
- Provide administrative access control to ClearPass modules and NADs
- Generate custom reports and alerts
Outline
Network Requirements
- ClearPass goals
- Network topology
- List of available resources
- Scenario analysis
- Authentication requirements
- Multiple user account databases
- User account attributes
- High level design
PKI and Digital Certificates
- Certificate types
- PKI
- Certificate trust
- Certificate file formats
- ClearPass as CA
- Certificate use cases
- EAP
- HTTPS
- Service-based certificates
- Onboarding
- Clustering
- RadSec
- NAD Captive portal
- Installing certificates
- Enrollment over secure transport
Cluster Design
- ClearPass server placement
- Determine the layout of the cluster
- High availability schema
- Design high availability
- VIP failover
- VIP mapping
- Insight primary and secondary
Network Integration
- Authentication sources
- Local user repository
- Endpoint repository
- Admin user repository
- Guest user repository
- Guest device repository
- Onboard device repository
- Active Directory
- SQL server
- Define external servers
- Unified endpoint management
- Email server
- Endpoint profiling
- IF-MAP
- Active scans (SNMP)
- DHCP
- HTTPS
- Network devices
- RadSec
- Dynamic authorization
- Logging of RADIUS accounting
- Device groups
- Location attributes
- Policy simulation
Corporate Access Design
- Define the requirements
- High level design
- Services design
- Plan TIPs roles
- User authentication
- Machine authentication
- Tunneled EAP, EAP-TLS and protected EAP
- One versus multiple services
- Plan enforcement
- Device-groups based enforcement
- Service implementation
- OnGuard design and implementation
- Quarantine users
- Remediation
- Onboard design and implementation
- User and device authorization
- Informational pages
- Authorization validation
- Troubleshooting roles
Guest Access Design
- Guest network design
- Captive portal flow
- Design tasks
- Define web pages
- Guest services design
- Guest services
- Guest access controls
- Configure network access devices
- Guest account creation
- Guest self registration
- Guest sponsor approval
- Self registration AD drop-down list
- Requirements for guest enforcement
Multi Pre-Shared Key
- Define the requirements
- High level design
- Device authorization
- Service design and implementation
Wired Access
- AAA configuration
- 802.1X and MAC auth
- Using client profiling for authorization
- Using conflict attribute for authorization
- User roles configuration in ArubaOS-S
- User roles configuration in ArubaOS-CX
- Web redirection
- Multi-service ports
- Downloadable user roles enforcement profiles
- Downloadable user roles configuration and validation
Wired Access
- TACACS+ based NAD administration
- TACACS+ command authorization
- Policy Manager administrators
- Guest and Onboard operators
- Register devices for MPSK
- Insight operators
- Insight reports and alerts