Skip to main content
TrustRadius
Aruba ClearPass

Aruba ClearPass

Overview

What is Aruba ClearPass?

Aruba ClearPass is network access control (NAC) technology from HPE company Aruba Networks. Aruba acquired Avenda and its eTips NAC in 2011.

Read more
Recent Reviews

TrustRadius Insights

This product is a versatile network access control system that is used in wired and wireless networks for information security purposes. …
Continue reading

Aruba Clearpass

10 out of 10
September 08, 2020
Incentivized
This is the network access control system used for the organization. This system allows several different types of devices to easily …
Continue reading
Read all reviews

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Aruba ClearPass?

Aruba ClearPass is network access control (NAC) technology from HPE company Aruba Networks. Aruba acquired Avenda and its eTips NAC in 2011.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

36 people also want pricing

Alternatives Pricing

What is NordLayer?

NordLayer provides cybersecurity tools for businesses of any size or work model developed by the standard of NordVPN. NordLayer helps organizations secure networks and enhance internet security and modernizes network and resource access with technical improvements aligning with the best regulatory…

What is Twingate?

Twingate allows businesses to secure remote access to their private applications, data, and environments, whether they are on-premise or in the cloud. Built to make the lives of DevOps teams, IT teams, and end users easier, it replaces outdated corporate VPNs which were not built to handle a world…

Return to navigation

Product Demos

Aruba Clearpass - Employee Device OnGuard Demo

YouTube

ClearPass 6.6 Multi-factor authentication: demo network access with ImageWare GoVerifyID biometrics

YouTube

Aruba Clearpass - Wired 802.1x Demo

YouTube

[ATM16 Demo] Connect and Protect Building IoT with Aruba ClearPass

YouTube

Aruba Clearpass - Sponsored Guest Access Demo

YouTube

ClearPass 6.6 Multi-factor authentication: demo Onboarding with SMS confirmation

YouTube
Return to navigation

Product Details

What is Aruba ClearPass?

Aruba ClearPass Video

Aruba ClearPass: Get a crystal-clear view of your networks

Aruba ClearPass Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Aruba ClearPass is network access control (NAC) technology from HPE company Aruba Networks. Aruba acquired Avenda and its eTips NAC in 2011.

Reviewers rate Support Rating highest, with a score of 9.1.

The most common users of Aruba ClearPass are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(43)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

This product is a versatile network access control system that is used in wired and wireless networks for information security purposes. It offers features such as NAC, RADIUS, and TACACS to ensure the security of network connections. With its ability to dynamically assign devices with certificates to VLAN groups in wired networks and restrict their authority with DACL, it provides a robust solution for controlling network access.

One key use case of this product is user authentication. It can be utilized for authenticating users in connection to various network and security products through the TACACS feature. This not only enhances the overall security of the network but also simplifies the authentication process for users. Additionally, it serves as a primary authentication platform for organizations, like universities, providing TACACS for management and RADIUS services for 802.1X authentication.

Another important use case is guest and BYOD network security in wireless networks. By authenticating wireless devices and assigning users to appropriate VLANs based on their membership in AD security groups, this product ensures the security of guest and BYOD networks. Moreover, it creates guest accounts for visitors, granting them access to the internet while restricting access to internal systems.

In addition to these use cases, the product also addresses wireless authentication problems in a reliable and scalable manner. By managing devices on wireless networks and providing a registration portal page for guest users, it simplifies the process of managing network access for both employees and visitors. Furthermore, it reduces management overhead for IT staff while enhancing convenience for users.

Overall, this product serves as an essential network access control system that addresses various security needs in both wired and wireless networks. Its user-friendly features and robust functionality make it a valuable tool for organizations seeking to enhance their information security measures while simplifying network management tasks.

Wide range of compatible devices: Many users have found the wide range of compatible devices in ClearPass to be helpful, as it allows for easy integration with various systems. This flexibility enables users to seamlessly connect and manage their network infrastructure without any compatibility issues.

Easy-to-understand rule-writing structure: The hierarchical and easy-to-understand rule-writing structure in ClearPass has been appreciated by several users. This feature simplifies the process of configuring access for different devices and purposes, making it convenient for users to set up and manage user authentication rules.

Seamless integration with Microsoft Active Directory: Users have praised the seamless integration of ClearPass with Microsoft Active Directory. This functionality allows for efficient user authentication and eliminates the need for multiple SSIDs, streamlining the user experience while ensuring secure network access.

Difficult Rule Editing: Users have found it challenging to edit and save rules in ClearPass, particularly when navigating to the end of the page. They have expressed difficulty in making rule modifications and successfully saving them.

Limited OR Operations: Reviewers have mentioned that ClearPass does not allow performing an OR operation within a rule. As a result, they are required to write multiple rules instead, which can be time-consuming and cumbersome.

Complex License Structure: Users have reported confusion and difficulty understanding the license structure of ClearPass. The complex nature of the licensing system makes it hard for users to grasp and manage effectively.

Attribute Ratings

Reviews

(1-8 of 8)
Companies can't remove reviews or game the system. Here's why
Score 10 out of 10
Vetted Review
Verified User
Incentivized
I'm using this software to manage devices on my wireless network including a portal registration page for guest users. I also plan to use 802.1x for wired authentication.
  • Reliable
  • Informative dashboards
  • Priced well
  • Integrates into non-aruba platforms
  • Easy to install patches
  • Little downtime
  • The user interface is outdated
  • Support is not as responsive as it used to be
  • I'd like to be able to build dashboards
For mid/large organizations I think this is a great product, system requirements aren't too high, after the product is up and running it requires little maintenance except for patches and there is a large talent pool for resources. Clearpass is agnostic to vendors so whatever your wireless solution is this platform should be able to integrate with it.

It may not be needed for smaller organizations as set up does take a lot of time and may not provide much value in return.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
ClearPass is used as a NAC and access server for wireless connectivity, and we are planning to use it for wired NAC in the future. It is used for wireless employee authentication with EAP-TLS, as well as wireless guest access with self-registration. It addresses wireless authentication problem in a reliable and scalable manner.
  • Wireless authentication with EAP-TLS.
  • Wireless guest access with self-registration.
  • Interfacing with Aruba wireless controllers.
  • Very good logging/troubleshooting.
  • Wired NAC with non-Aruba switches is clunky and hard.
  • Configuration is not intuitive.
  • Training materials online are practically nonexistent.
  • Even when given on official training courses, training materials are terrible.
It works very well with Aruba wireless controllers and, according to the demos, with Aruba switches for wired NAC. Works well for guest portals with self-registration. Posture checking - Onguard - is limited on Macs, but extensive on Windows. Onboarding with EAP-TLS on android phones requires an app. However, wired NAC is very hard with non-Aruba switches. Policies can be very granular.
Mehmet Fatih Onal | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
It is used in our wired and wireless networks with nac, radius and tacacs features. Within the scope of information security, it is used as RADIUS-NAC with features such as dynamically assigning the devices that come with certificates to the relevant vlan group in wired networks, and restricting their authority with dacl. In addition, tacacs feature is used for user authentication in connection to various network and security products. In the wireless network, it is used to ensure the security of guest and BYOD networks.
  • wide range of compatible devices
  • have an easy-to-understand and hierarchical rule-writing structure
  • easy-to-use interface and extensive documentation
  • seamless MS AD integration
  • Going to the end of the page to edit the rules and save them later causes problems.
  • An AND operation can be performed within a rule, but an OR operation cannot. therefore having to write too many rules
  • The license structure seems very complex at first.
Regardless of large or small businesses, if a secure access such as client authorization, authentication and activity monitoring is desired on the wired or wireless network side, it can be preferred as the easiest to use and more performance product than its competitors.
September 08, 2020

Aruba Clearpass

Score 10 out of 10
Vetted Review
Verified User
Incentivized
This is the network access control system used for the organization. This system allows several different types of devices to easily connect to the network and get the proper access required for that individual or appliance. This solves a security issue that many organizations may face, properly restricting users or devices to only the resources they need.
  • Network access control
  • Guest network access
  • Network segmentation
  • More intuitive upgrade process.
  • Add in-service software upgrades.
  • Use common syntax across the various systems within Clearpass. For instance, monitoring view and guest view use different syntax's.
Aruba Clearpass is well suited for organizations that require diverse network segmentation. This system provides the ability to lock down user access to only the resources one needs. The initial setup of a system like this is resource-intensive and may require outside consulting, but once in place, day to day system management is minimal and network visibility is increased.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Clearpass is being used as our primary authentication platform for our university of around 4000 students and 1000 staff. It provides TACACS for management and radius services for 802.1X authentication for wireless and wired infrastructure. Additionally, we use the product for registering and managing guest wireless users and whitelisting IoT devices via a self-service portal that has Azure AD integration. These self-service options help reduce management overhead for IT staff and make the experience much more convenient for students.
  • Heavily extensible logic that can solve a myriad of authentication and authorization scenarios.
  • Extensive logging for troubleshooting services and device connections
  • Standards based and compatible with nearly any device capable of 802.1X.
  • Good user base for support and solutions.
  • Policy manager and guest sections of ClearPass are disjointed, and where they overlap isn't readily apparent.
  • Some changes require a full service restart which can take 5 to 10 minutes.
  • Documentation is a bit dense and hard to navigate.
ClearPass is well suited for 802.1X (PEAP or EAP-TLS) in wired and wireless scenarios. It can also do MAC authentication using its endpoint database. The fingerprinting is robust, as it can verify that a device is reported as the actual brand or model, instead of relying solely on MAC OUI. This is achieved by capturing DHCP request information that has been forwarded to the appliance. Using this information, extensive role mapping can be utilized in enforcement policies. For instance, you can apply one policy to a device that is considered a VoIP phone, but if you only want to target Polycom phones, that can be specified in the role mapping, which then can be enforced as a specific VLAN pushed to the switch port or a specific QoS policy. Downloadable user roles are another impressive feature of ClearPass which can be fully integrated with Aruba switches. Instead of deploying ACLs to switches, you can simply have the switch download the ACL from ClearPass. This helps with issues of management and scalability where extensive L3 segmentation is utilized across a network. Similarly, QoS and other options can also be included in download user roles. There are too many options to list all in this review. I liken the experience to a AAA Swiss Army Knife.

Don Ringelestein | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Aruba ClearPass is being used across the organization; we use it for authenticating wireless devices and assigning users to appropriate VLANs by membership in AD security groups. It is used by more than 14000 users daily, with a mix of devices from iPads to Chromebooks to Windows PCs and laptops, with some personal cell phones (more than 3000 daily) mixed in.
  • It does a great job of authenticating users and eliminating the need for us to run multiple SSIDs to “manually” separate users.
  • Integrates well with AD to support assigning users to segments based on security group membership
  • It integrates well with our Aruba controller environment
  • We’d like to see some logic being applied to the VLAN assignment so that we could do it based on more than one condition - for example, membership in a security group and operating system.
Aruba ClearPass is ideal in an HP/Aruba environment, and it works well with Active Directory as well. We use it in a busy enterprise environment with an average of 18000-20000 devices connecting daily. Our main applications are streaming video and audio, with other less taxing web environments in use, but most with significant animation.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
ClearPass is being used company-wide. Every person's device is authenticated through ClearPass and depending on what department they are they are put into a VLAN that gives them access to the systems they need. I love that ClearPass can grant or deny access to certain systems based on the user because it saves time not having to build that manually. We also use ClearPass to create guest accounts for visitors that come to our campus. These guest accounts grant access to the internet but not to our internal systems. ClearPass solves the problem of having multiple departments with different needs and being able to grant them access to what they need while keeping the network secure. ClearPass allows us to use 802.1x so we can put a base config on our network devices and not have to configure each port specific to each person or device.
  • You can use ClearPass authenticate using wired and wireless network devices. This is helpful that you don't have to have multiple systems to accomplish this.
  • Because devices can have different purposes Clearpass can configure groups that will specify what access they have. You can use parameters such as vendor or mac address so clearpass know what group to push them to.
  • It is very easy to view device logs. This is really helpful to troubleshoot auth issues. Once you find the device Clearpass provides more than enough info to know what the issue is and to fix it.
  • Getting data out of ClearPass is difficult. You can get some with SNMP but he API is lacking. There is only a limited amount of info that you can get from it. Even some data that shows up in ClearPass Insight is not available to import into a 3rd party application.
  • In the past, if you have hardware/software issues you could troubleshoot them yourself through the CLI in a Linux type interface but now they have locked everything down and it makes troubleshooting difficult. You have to rely on them for everything. As a person who likes to understand the ins and outs of the systems I manage it is somewhat frustrating.
  • Steep learning curve, although support can assist and their forums like airheads can be helpful. This is a complex system and can take a while to grasp how everything works and integrates.
We have quite a few visitors to our campus and we don't want to have a set PSK for the wireless so we have configured a guest network where visitors can create an account and gain access to the internet and we don't have to "manage" it since the accounts will expire after a certain time. We have RF scanners in our warehouses and we want them to be allowed on the network and be put into its own VLAN. ClearPass can do this flawlessly by keying off of the MAC address when it comes online and putting it into the correct VLAN. This makes it so we don't have to add each device individually to the system. The only time ClearPass would not be appropriate is in a small deployment where the cost to value wouldn't make sense.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We currently use Aruba ClearPass across the entire company. We have it tied to our Active Directory for 802.1x authentication on both the wired and wireless networks. When employees connect to the network, they are prompted for their credentials and are put in the proper VLAN according to the groups they belong to in Active Directory.
  • Granularity in access.
  • Multiple sources of authentication.
  • Manage guest and defined users with the same tool.
  • Nested configurations can get tiresome and hard to follow.
  • More robust reporting.
  • Add the ability to search MAC addresses including colons and periods.
Aruba ClearPass is perfect for implementing 802.1x access. Having the ability to configure the system to drop users into the proper network ad-hoc is invaluable when you have a large organization; the old method of manually configuring interfaces as employees move around is gone. If you are looking for something that has robust and easy to access logs, you will have to look at an external tool; the built-in options with ClearPass are not that great.
Return to navigation