1. Home
  2. Network Access Control (NAC) Solutions
  3. Aruba ClearPass Reviews
  4. User Review of Aruba ClearPass
ClearPass Integration in a University Environment
June 07, 2020

ClearPass Integration in a University Environment

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Aruba ClearPass

Clearpass is being used as our primary authentication platform for our university of around 4000 students and 1000 staff. It provides TACACS for management and radius services for 802.1X authentication for wireless and wired infrastructure. Additionally, we use the product for registering and managing guest wireless users and whitelisting IoT devices via a self-service portal that has Azure AD integration. These self-service options help reduce management overhead for IT staff and make the experience much more convenient for students.
  • Heavily extensible logic that can solve a myriad of authentication and authorization scenarios.
  • Extensive logging for troubleshooting services and device connections
  • Standards based and compatible with nearly any device capable of 802.1X.
  • Good user base for support and solutions.
  • Policy manager and guest sections of ClearPass are disjointed, and where they overlap isn't readily apparent.
  • Some changes require a full service restart which can take 5 to 10 minutes.
  • Documentation is a bit dense and hard to navigate.
  • Less time troubleshooting issues increasing employee efficiency.
  • Faster customer issue resolution.
We had some issues with ClearPass integration with AirGroup on Aruba Controller Clusters. Basically, it was tough to get coordinated between the controller support and the ClearPass support.

Do you think Aruba ClearPass delivers good value for the price?

Yes

Are you happy with Aruba ClearPass's feature set?

Yes

Did Aruba ClearPass live up to sales and marketing promises?

Yes

Did implementation of Aruba ClearPass go as expected?

Yes

Would you buy Aruba ClearPass again?

Yes

ClearPass is well suited for 802.1X (PEAP or EAP-TLS) in wired and wireless scenarios. It can also do MAC authentication using its endpoint database. The fingerprinting is robust, as it can verify that a device is reported as the actual brand or model, instead of relying solely on MAC OUI. This is achieved by capturing DHCP request information that has been forwarded to the appliance. Using this information, extensive role mapping can be utilized in enforcement policies. For instance, you can apply one policy to a device that is considered a VoIP phone, but if you only want to target Polycom phones, that can be specified in the role mapping, which then can be enforced as a specific VLAN pushed to the switch port or a specific QoS policy. Downloadable user roles are another impressive feature of ClearPass which can be fully integrated with Aruba switches. Instead of deploying ACLs to switches, you can simply have the switch download the ACL from ClearPass. This helps with issues of management and scalability where extensive L3 segmentation is utilized across a network. Similarly, QoS and other options can also be included in download user roles. There are too many options to list all in this review. I liken the experience to a AAA Swiss Army Knife.