top of page
top

Home >>

AR-CPA2

Aruba >>

AR-CPA2

HPE Aruba Networking ClearPass Advanced Workshop

HPE_Aruba_Authorized_Learning_Partner_152x152.jpg

Price
Duration

USD 4,000 excl. VAT

5 Days

security.jpg
PDF.jpg
PDF Outline

Who Should Attend

• Network Security Experts
• Individuals who implement network access control solutions.

• Network managers with HPE Aruba Network access device experience (wired and wireless).
• Network administrators who already own a ClearPass solution and are looking to deploy advanced features

Prerequisites

Prerequisits

Configuring HPE Aruba Networking ClearPass course

Course Content

What you'll will learn

This advanced level course is taught as a workshop. Participants will be led through a real-world design and implementation scenario encompassing all aspects of the HPE Aruba Networking ClearPass security product. This 5-day course will cover the design, implementation, and troubleshooting of ClearPass solutions.

The course is presented as a workshop, meaning that it is focused on student participation and hands-on labs to reinforce concepts through design exercises and lab debriefs, as well as planning and implementation of the design. This is not a course that relies on a step-by-step lab guide and you will be challenged to find creative solutions to the scenario. By the nature of this workshop, you will master troubleshooting techniques in ClearPass.

Objectives

Course Objectives

After you successfully complete this course, expect to be able to:
• Design a ClearPass cluster
• Design a High availability solution with Virtual IP address following the best practices
• Describe Public Key Infrastructure and certificate format types
• Plan the certificates used by ClearPass
• Explain how Enrollment over Secure Transport can automate the certificate generation process
• Leverage RADIUS services to handle corporate wireless connections
• Deploy WEBAUTH services to handle health checks

• Describe the proposed RADIUS services that handles guest wireless connections
• Explain general guest considerations
• Design guest RADIUS services
• Describe the proposed Onboard services
• Describe the MPSK feature
• Leverage these features in your deployment
• Plan a successful wired access deployment
• Provide administrative access control to ClearPass modules and NADs
• Generate custom reports and alert

Course Outline

Outlines

• Network requirements
o ClearPass goals
o Network topology
o List of available resources
o Scenario analysis
o Authentication requirements
o Multiple user account databases
o User account attributes
o High level design
• PDI and digital certificates
o Certificate types
o PKI
o Certificate trust
o Certificate file formats
o ClearPass as CA
o Certificate use cases:
 EAP
 HTTPS
 Service-based certificates
 Onboarding
 Clustering
 RadSec
 NAD captive portal
o Installing certificates
o Enrollment over secure transport
• Cluster design
o ClearPass server placement
o Determine the layout of the cluster
o High availability schema
o Design high availability
o VIP failover
o VIP mapping
o Insight primary and secondary
• Network integration
o Authentication sources
 Local user repository
 Endpoint repository
 Admin user repository
 Guest user repository
 Guest device repository
 Onboard device repository
 Active Directory
 SQL server
o Define external servers
 Unified endpoint management
 Email server

o Endpoint profiling
 IF-MAP
 Active scans (SNMP)
 DHCP
 HTTPS
o Network devices
 RadSec
 Dynamic authorization
 Logging of RADIUS accounting
 Device-groups
 Location attributes
o Policy simulation

• Corporate access design
o Define the requirements
o High-level design
o Services design
o Plan TIPs roles
o User authentication
o Machine authentication
o Tunneled EAP, EAP-TLS and protected EAP
o One versus multiple services
o Plan enforcement
o Device-groups based enforcement
o Service implementation
o OnGuard design and implementation
 Quarantine users
 Remediation
o Onboard design and implementation
 User and device authorization
o Informational pages
o Authorization validation
o Troubleshooting enforcement
o Downloadable roles
• Guest access design
o Guest network design
o Captive portal flow
o Design tasks
o Define web pages
o Guest services design
o Guest services
o Guest access controls
o Configure network access devices
o Guest account creation
o Guest self registration
o Guest sponsor approval
o Self registration AD drop-down list
o Requirements for guest enforcement



• Multi-pre shared key
o Define the requirements
o High-level design
o Device authorization
o Service design and implementation
• Wired access
o AAA configuration
o 802.1X and MAC auth
o Using client profiling for authorization
o Using conflict attribute for authorization
o User roles configuration in AOS-S
o User roles configuration in AOS-CX
o Web redirection
o Multi-service ports
o Downloadable user roles enforcement profiles
o Downloadable user roles configuration and validation
• Administrative access
o TACACs+ based NAD administration
o TACACs+ command authorization
o Policy Manager administrators
o Guest and Onboard operators
o Register devices for MPSK
o Insight operators
o Insight reports and alerts

PDF.jpg

Further information

reg1

If you would like to know more about this course please contact us

Schedule
HPE_Aruba_Authorized_Learning_Partner_152x152.jpg
HPE_Aruba_Authorized_Learning_Partner_152x152.jpg
HPE_Aruba_Authorized_Learning_Partner_152x152.jpg
For dates in South Africa and Africa region 
reg

Thanks for registering. our team will contact you soon !

Registration

ILT/VILT

Thanks for registering. our team will contact you soon !

Registration

ILT/VILT

Thanks for registering. our team will contact you soon !

Registration

ILT/VILT
bottom of page