Aruba ClearPass is network access control (NAC) technology from HPE company Aruba Networks. Aruba acquired Avenda and its eTips NAC in 2011.
N/A
Cisco Catalyst 9800 Series Wireless Controllers
Score 8.9 out of 10
N/A
The Cisco Catalyst 9800-80 is a modular wireless controller with optional 100 Gigabit Ethernet (G) modular uplinks boasting seamless software updates for large enterprises and campuses, and security with ETA and SD-Access.
Aruba ClearPass is suited well for large enterprise networks with many connecting buildings and branches. Aruba ClearPass protects your endpoints from unauthorized or unknown devices accessing your network. You can apply policies that prevent devices from meeting the required policies in ClearPass. ClearPass will allow only authorized access for devices that are using the policies.
I think any size organization can benefit from them. The smaller "L" models work well for a smaller organization and of course, the same answer for the larger platforms. The failover/redundancy options are quite nice and the unified setup and UI is always nice for consistency.
You can use ClearPass authenticate using wired and wireless network devices. This is helpful that you don't have to have multiple systems to accomplish this.
Because devices can have different purposes Clearpass can configure groups that will specify what access they have. You can use parameters such as vendor or mac address so clearpass know what group to push them to.
It is very easy to view device logs. This is really helpful to troubleshoot auth issues. Once you find the device Clearpass provides more than enough info to know what the issue is and to fix it.
I think the updates are great. ISSU upgrading code is fantastic. I think the speed with which CAPWAP converges or reconverges, I think the redundancy mechanisms for roaming APs to other controllers is very good. I think overall, getting away from more of a monolithic processor where subprocesses handle what they call the WNCD tasks, I think fundamentally is an improvement in performance.
The radioactive tracing, all of the troubleshooting and all of the logging and all of the importing and exporting features for logging and analytics within the controller itself is really, really good compared to the predecessor AireOS.
The only downside I would say is the GUI performance is a little bit slow, even with a newer 9800, performance still lags a bit even compared to the previous generations. So I would like to see that improved. But aside from that, that's really the only issue that we have with it.
Despite common software and hardware issues this is still the best product on the market for large scale enterprise deployments. Cisco has worked with us extensively to reduce the amount of bugs in every iteration however new bugs are introduced or new incompatibilities always arise with major releases. Thus, while I'm hesitant to recommend the product it's still much better than all the other competitors such as Aruba and Juniper in the WIFi space. There is also extensive integration with DNAC/Catalyst Center and ISE in an SDA deployment. Recently there has been a number of critical issues with the controller software and Cisco has proved themselves to be incapable of timely troubleshooting and diagnosis. This has reduced our confidence in the product and it's current and future stability and maintainability. At it's current state the product is taking up too much of our engineering resources to maintain despite also paying for premium support from Cisco. As such I have reduced by rating as we are likely to look at alternative vendors for our long-term wireless management solution
Though Aruba ClearPass offers a lot of insight and features, it is not the easiest to navigate. A lot of other systems can be figured out as you go, but Aruba ClearPass often requires a lot of research in order to set something up correctly. It's not always easy to find what you're looking for. Once you learn the basics, it becomes a lot more manageable, but it's definitely worth investing in some sort of training.
Due to our HA set up we have always managed to access our wireless networks without problems, when issues occur. When we have lost access to the GUI, due to internal network problems, console access is always welcomed and brings with it the normal Cisco CLI syntax. From previous versions of CLI, it is now a lot simpler and reflects other Cisco products, making it easier to troubleshoot and navigate when necessary.
Monitoring is very good Seamless integration with Cisco ISE RRM configuration very easy. It has REST API support IOS-XE is very powerful operation system. Multicasting and mDNS features are really good and very easy to configure. It supports Pyats and Genie so getting constructed data from python script calls very helpful.
This product has consistently provided the results needed from it and when issues arose, Aruba TAC was able to provide support effectively. In the previous question, I stated that Aruba Wireless is used as well. With those systems in place with ClearPass troubleshooting becomes much easier. I am sure other issues may arise if calling support while using another vendor for wireless such as Cisco, Juniper, etc.
From my experience, ClearPass has been the best NAC server of all I've seen. Even though configuration is somewhat hard and it's hard to get training, once you learn how to configure it it works very well. The policies are very granular and scalable and the interface is a well-done web GUI that does not need any extra plugins installed, as some of Cisco's product require. There are many more options than with FortiNAC, and many more integration options. Also, troubleshooting and logging is good.
Ubiquiti WLAN is very much a consumer platform. It is not production ready, it is buggy, it has issues. It is cheaper than Cisco, but you get what you pay for. Aruba doesn't integrate nicely with our existing largely Cisco based networks, so when time came to replace AireOS, the Cisco Catalyst 9800 Series Wireless Controllers came out on top.
ClearPass has streamlined everything so we don't have to have as many people managing our device auth systems.
Our Security team loves that ClearPass can deny unauthorized users and devices from the network. This alone has probably saved us a lot of money and headaches.
Positive impacts, yeah, is good to have a central location to control all these profiles for different countries and locations. And the drawback, like I said to you really because of the too many integrations that have a dependency on the software version. For example, Cisco ONE for Access have certain software that can run through and then this scatter center need to make sure it's working with the others APS version that is currently working. And we also, the Cisco Catalyst Center also have some kind another version of software that you need to support this controller. So it's like two tier three tiers of the software version that we need to match. Then only it can work.
