Aruba ClearPass Reviews

23 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 9.1 out of 100

Do you work for this company? Learn how we help vendors

Overall Rating

Reviewer's Company Size

Last Updated

By Topic

Industry

Department

Experience

Job Type

Role

Reviews (1-6 of 6)

Companies can't remove reviews or game the system. Here's why.
June 07, 2020
Ryan Brunkhorst | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Clearpass is being used as our primary authentication platform for our university of around 4000 students and 1000 staff. It provides TACACS for management and radius services for 802.1X authentication for wireless and wired infrastructure. Additionally, we use the product for registering and managing guest wireless users and whitelisting IoT devices via a self-service portal that has Azure AD integration. These self-service options help reduce management overhead for IT staff and make the experience much more convenient for students.
  • Heavily extensible logic that can solve a myriad of authentication and authorization scenarios.
  • Extensive logging for troubleshooting services and device connections
  • Standards based and compatible with nearly any device capable of 802.1X.
  • Good user base for support and solutions.
  • Policy manager and guest sections of ClearPass are disjointed, and where they overlap isn't readily apparent.
  • Some changes require a full service restart which can take 5 to 10 minutes.
  • Documentation is a bit dense and hard to navigate.
ClearPass is well suited for 802.1X (PEAP or EAP-TLS) in wired and wireless scenarios. It can also do MAC authentication using its endpoint database. The fingerprinting is robust, as it can verify that a device is reported as the actual brand or model, instead of relying solely on MAC OUI. This is achieved by capturing DHCP request information that has been forwarded to the appliance. Using this information, extensive role mapping can be utilized in enforcement policies. For instance, you can apply one policy to a device that is considered a VoIP phone, but if you only want to target Polycom phones, that can be specified in the role mapping, which then can be enforced as a specific VLAN pushed to the switch port or a specific QoS policy. Downloadable user roles are another impressive feature of ClearPass which can be fully integrated with Aruba switches. Instead of deploying ACLs to switches, you can simply have the switch download the ACL from ClearPass. This helps with issues of management and scalability where extensive L3 segmentation is utilized across a network. Similarly, QoS and other options can also be included in download user roles. There are too many options to list all in this review. I liken the experience to a AAA Swiss Army Knife.

We had some issues with ClearPass integration with AirGroup on Aruba Controller Clusters. Basically, it was tough to get coordinated between the controller support and the ClearPass support.
Read Ryan Brunkhorst's full review
September 08, 2020
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
This is the network access control system used for the organization. This system allows several different types of devices to easily connect to the network and get the proper access required for that individual or appliance. This solves a security issue that many organizations may face, properly restricting users or devices to only the resources they need.
  • Network access control
  • Guest network access
  • Network segmentation
  • More intuitive upgrade process.
  • Add in-service software upgrades.
  • Use common syntax across the various systems within Clearpass. For instance, monitoring view and guest view use different syntax's.
Aruba Clearpass is well suited for organizations that require diverse network segmentation. This system provides the ability to lock down user access to only the resources one needs. The initial setup of a system like this is resource-intensive and may require outside consulting, but once in place, day to day system management is minimal and network visibility is increased.
This product has consistently provided the results needed from it and when issues arose, Aruba TAC was able to provide support effectively. In the previous question, I stated that Aruba Wireless is used as well. With those systems in place with ClearPass troubleshooting becomes much easier. I am sure other issues may arise if calling support while using another vendor for wireless such as Cisco, Juniper, etc.
Read this authenticated review
March 12, 2020
Don Ringelestein | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
Aruba ClearPass is being used across the organization; we use it for authenticating wireless devices and assigning users to appropriate VLANs by membership in AD security groups. It is used by more than 14000 users daily, with a mix of devices from iPads to Chromebooks to Windows PCs and laptops, with some personal cell phones (more than 3000 daily) mixed in.
  • It does a great job of authenticating users and eliminating the need for us to run multiple SSIDs to “manually” separate users.
  • Integrates well with AD to support assigning users to segments based on security group membership
  • It integrates well with our Aruba controller environment
  • We’d like to see some logic being applied to the VLAN assignment so that we could do it based on more than one condition - for example, membership in a security group and operating system.
Aruba ClearPass is ideal in an HP/Aruba environment, and it works well with Active Directory as well. We use it in a busy enterprise environment with an average of 18000-20000 devices connecting daily. Our main applications are streaming video and audio, with other less taxing web environments in use, but most with significant animation.
Our HP/Aruba team has been stellar. Always there to support us proactively, worked hard to build relationships with the staff, really top-notch.
Read Don Ringelestein's full review
November 07, 2019
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
ClearPass is being used company-wide. Every person's device is authenticated through ClearPass and depending on what department they are they are put into a VLAN that gives them access to the systems they need. I love that ClearPass can grant or deny access to certain systems based on the user because it saves time not having to build that manually. We also use ClearPass to create guest accounts for visitors that come to our campus. These guest accounts grant access to the internet but not to our internal systems. ClearPass solves the problem of having multiple departments with different needs and being able to grant them access to what they need while keeping the network secure. ClearPass allows us to use 802.1x so we can put a base config on our network devices and not have to configure each port specific to each person or device.
  • You can use ClearPass authenticate using wired and wireless network devices. This is helpful that you don't have to have multiple systems to accomplish this.
  • Because devices can have different purposes Clearpass can configure groups that will specify what access they have. You can use parameters such as vendor or mac address so clearpass know what group to push them to.
  • It is very easy to view device logs. This is really helpful to troubleshoot auth issues. Once you find the device Clearpass provides more than enough info to know what the issue is and to fix it.
  • Getting data out of ClearPass is difficult. You can get some with SNMP but he API is lacking. There is only a limited amount of info that you can get from it. Even some data that shows up in ClearPass Insight is not available to import into a 3rd party application.
  • In the past, if you have hardware/software issues you could troubleshoot them yourself through the CLI in a Linux type interface but now they have locked everything down and it makes troubleshooting difficult. You have to rely on them for everything. As a person who likes to understand the ins and outs of the systems I manage it is somewhat frustrating.
  • Steep learning curve, although support can assist and their forums like airheads can be helpful. This is a complex system and can take a while to grasp how everything works and integrates.
We have quite a few visitors to our campus and we don't want to have a set PSK for the wireless so we have configured a guest network where visitors can create an account and gain access to the internet and we don't have to "manage" it since the accounts will expire after a certain time. We have RF scanners in our warehouses and we want them to be allowed on the network and be put into its own VLAN. ClearPass can do this flawlessly by keying off of the MAC address when it comes online and putting it into the correct VLAN. This makes it so we don't have to add each device individually to the system. The only time ClearPass would not be appropriate is in a small deployment where the cost to value wouldn't make sense.
Aruba tier 1 support is not that great if your issue is more complex. For simple issues, the first contact is usually fine but if I know the issue is more complex I ask them from the start to escalate the issue which they are always happy to do. From there, their support have been great and I have had confidence that they know what they are talking about and there is a quick resolve. Airhead forum support is pretty good since it's community-based and I can find many answers to question there.
Read this authenticated review
December 07, 2019
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
ClearPass is used as a NAC and access server for wireless connectivity, and we are planning to use it for wired NAC in the future. It is used for wireless employee authentication with EAP-TLS, as well as wireless guest access with self-registration. It addresses wireless authentication problem in a reliable and scalable manner.
  • Wireless authentication with EAP-TLS.
  • Wireless guest access with self-registration.
  • Interfacing with Aruba wireless controllers.
  • Very good logging/troubleshooting.
  • Wired NAC with non-Aruba switches is clunky and hard.
  • Configuration is not intuitive.
  • Training materials online are practically nonexistent.
  • Even when given on official training courses, training materials are terrible.
It works very well with Aruba wireless controllers and, according to the demos, with Aruba switches for wired NAC. Works well for guest portals with self-registration. Posture checking - Onguard - is limited on Macs, but extensive on Windows. Onboarding with EAP-TLS on android phones requires an app. However, wired NAC is very hard with non-Aruba switches. Policies can be very granular.
Support, unfortunately, is one thing that Aruba needs a lot of improvement. While some engineers are skilled, others have been quite low-quality. Engineers tend to not take ownership and one needs to keep calling to get a case moved forward in a timely manner. In my experience, many times an engineer owning my case would leave office and not be in the next day without resolving the case or handing it off properly. Licensing support in particular has been handled very poorly.
Read this authenticated review
October 22, 2019
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
We currently use Aruba ClearPass across the entire company. We have it tied to our Active Directory for 802.1x authentication on both the wired and wireless networks. When employees connect to the network, they are prompted for their credentials and are put in the proper VLAN according to the groups they belong to in Active Directory.
  • Granularity in access.
  • Multiple sources of authentication.
  • Manage guest and defined users with the same tool.
  • Nested configurations can get tiresome and hard to follow.
  • More robust reporting.
  • Add the ability to search MAC addresses including colons and periods.
Aruba ClearPass is perfect for implementing 802.1x access. Having the ability to configure the system to drop users into the proper network ad-hoc is invaluable when you have a large organization; the old method of manually configuring interfaces as employees move around is gone. If you are looking for something that has robust and easy to access logs, you will have to look at an external tool; the built-in options with ClearPass are not that great.
Technical support is easy to get a hold of and responsive to requests. There are certain options in the command line that TAC keeps to themselves for troubleshooting purposes, and I am not a fan of having to call in for support to have a deep-dive into a given issue. I would like it if the robust logging commands and controls were available to owners/administrators of the system.
Read this authenticated review

What is Aruba ClearPass?

Aruba ClearPass is network access control (NAC) technology from HPE company Aruba Networks. Aruba acquired Avenda and its eTips NAC in 2011.

Aruba ClearPass Video

Aruba ClearPass: Get a crystal-clear view of your networks

Aruba ClearPass Technical Details

Operating Systems: Unspecified
Mobile Application:No

Frequently Asked Questions

What is Aruba ClearPass?

Aruba ClearPass is network access control (NAC) technology from HPE company Aruba Networks. Aruba acquired Avenda and its eTips NAC in 2011.

What is Aruba ClearPass's best feature?

Reviewers rate Support Rating highest, with a score of 8.3.

Who uses Aruba ClearPass?

The most common users of Aruba ClearPass are Enterprises from the Education Management industry.