IOS Security from Cisco is network security technology.
N/A
HPE Aruba Networking ClearPass Policy Manager
Score 8.8 out of 10
N/A
The HPE Aruba Networking ClearPass Policy Manager provides role- and device-based network access control for employees, contractors and guests across multi-vendor wired, wireless and VPN infrastructures.
We used to access list remote login to the switches for only network admin from specific vlan. And allow some vendor server to connect for snmp messages. This has allowed us to monitor with external vendor while keeping security tight and audit for users. In other hand we had to use external solution for NAC
Aruba ClearPass is suited well for large enterprise networks with many connecting buildings and branches. Aruba ClearPass protects your endpoints from unauthorized or unknown devices accessing your network. You can apply policies that prevent devices from meeting the required policies in ClearPass. ClearPass will allow only authorized access for devices that are using the policies.
You can use ClearPass authenticate using wired and wireless network devices. This is helpful that you don't have to have multiple systems to accomplish this.
Because devices can have different purposes Clearpass can configure groups that will specify what access they have. You can use parameters such as vendor or mac address so clearpass know what group to push them to.
It is very easy to view device logs. This is really helpful to troubleshoot auth issues. Once you find the device Clearpass provides more than enough info to know what the issue is and to fix it.
Cisco could provide an initial set up script for those are not used to the CLI (Command Line Interface). With that initial script, people could easily deploy the security features instead of having to learn how to use the commands.
The web interface that Cisco provides with the routers, although it’s useful to set up the security features, it could also have some sort of tutorials to help people understand the main concepts of iOS security.
You have to license iOS security separately from the main OS. For that reason, sometimes it tends to be a little expensive if you have a small business.
Cisco IOS Security usibility require a network administrator or an engineer with CCNA knowledge to know how to handle and configure Cisco IOS Security. The Cisco IOS Security usability once you know your way is smooth and very helpful. Even for new commands you can just type question mark and the new commands will pop on the screen.
Though Aruba ClearPass offers a lot of insight and features, it is not the easiest to navigate. A lot of other systems can be figured out as you go, but Aruba ClearPass often requires a lot of research in order to set something up correctly. It's not always easy to find what you're looking for. Once you learn the basics, it becomes a lot more manageable, but it's definitely worth investing in some sort of training.
Cisco has the best Support team that gives us 24/7 support as we need. Cisco has huge detailed documentation for design, implementation, and troubleshooting all areas of the IOS security. There are many communities discussing all Cisco devices and solutions for studying groups and for customers to share their stories, technical problem and solutions.
This product has consistently provided the results needed from it and when issues arose, Aruba TAC was able to provide support effectively. In the previous question, I stated that Aruba Wireless is used as well. With those systems in place with ClearPass troubleshooting becomes much easier. I am sure other issues may arise if calling support while using another vendor for wireless such as Cisco, Juniper, etc.
IOS Security is a bonus feature when you purchase Cisco devices. It is great to have a vendor provide equipment to go above and beyond the minimal needs for business operation. Having security at the downstream edge of our organization provides a sense of ease from potential attacks.
From my experience, ClearPass has been the best NAC server of all I've seen. Even though configuration is somewhat hard and it's hard to get training, once you learn how to configure it it works very well. The policies are very granular and scalable and the interface is a well-done web GUI that does not need any extra plugins installed, as some of Cisco's product require. There are many more options than with FortiNAC, and many more integration options. Also, troubleshooting and logging is good.
ClearPass has streamlined everything so we don't have to have as many people managing our device auth systems.
Our Security team loves that ClearPass can deny unauthorized users and devices from the network. This alone has probably saved us a lot of money and headaches.
