Aruba ClearPass Policy Manager For Secure Network Access
The most advanced Secure NAC platform available

Related products

Aruba ClearPass is a vendor agnostic solution that works seamlessly with Aruba and third-party network devices.

Aruba Network switches

Discover a switching portfolio purpose-built for cloud, mobile, and IoT.

Aruba access points

Offering a versatile 802.11ax and 802.11ac portfolio, Aruba's simple, fast, and secure access points support a wide range of use cases and deployment needs. Boosting IT, user, and IoT experiences, our APs rise to meet today's most challenging Wi-Fi use cases.

AI-powered client visibility

Client Insights, an important starting point for Zero Trust, delivers the visibility and intelligence needed to address the risk of unidentified and unmanaged devices on the network.

Aruba Central

A cloud-based networking solution with AI-powered insights, workflow automation, and edge-to-cloud security, Aruba Central empowers IT to manage and optimize campus, branch, remote, data center, and IoT networks from one dashboard.

Simplify network access and security with ClearPass products

Aruba Clear Pass Policy Manager (CPPM) provides robust network access control with granular role-based policies for authentication, authorization, continuous monitoring and enforcement. Its highly interoperability feature helps customers to leverage their investment in earlier security products.

Read ClearPass Policy Manager data sheet (PDF)

With ClearPass Onboard, easily create and deploy BYOD workflows to authorize employees and contractors to use their devices on secure networks.

ClearPass OnGuard’s Advanced endpoint posture assessments can automatically remediate or quarantine endpoints that violate corporate security and compliance policies.

Read ClearPass Onboard data sheet (PDF)
Read ClearPass OnGuard data sheet (PDF)

It’s easy to implement secure guest access and create a customized web portal using your own brand. Leverage unique features such as sponsor approval, credential delivery or usage policies via email or text.

Learn about our Portal Design Service (PDF)

Make sure you secure those Ethernet ports behind IP desk phones and in conference rooms that are not using secure 802.1X.

Read the solution brief (PDF)

CPPM Product features

Implement reliable network access control based on Zero Trust Security.

AI-powered visibility

ClearPass Policy Manager has built in device discovery and profiling features that can be complemented with AI-powered ClearPass Device Insight or Aruba Central Client Insights.

Robust authentication

ClearPass authenticates the user or device identity against a wide variety of identity sources such as Microsoft AD, LDAP, ODBC-compliant SQL database, token servers, and internal databases.

Secure authorization

ClearPass provides authorization based on a user’s role, device type and role, authentication method, UEM attributes, device health, traffic patterns, location, and time of day.

Reliable policy enforcement

When a security compromised is detected ClearPass can be signaled to take a response action from a wide range of security, network and IT sources.

Powerful integrations

ClearPass is a vendor agnostic solution and seamlessly integrates with more than 140 security-based partner solutions to provide robust authorization and enforcement.

SSO support

Single sign-on (SSO) support works with Ping, Okta, and other identity management tools to improve user experience of SAML 2.0-based applications.

Details and specifications for Aruba ClearPass Policy Manager

Appliances	ClearPass is available as hardware or as a virtual appliance. Virtual appliances are supported on VMware vSphere Hypervisor (ESXi), Microsoft Hyper-V, CentOS KVM, Amazon EC2 & Microsoft Azure. VMware ESXi up to 7.0 Microsoft Hyper-V 2016/2019 R2/2019 and Windows 2016 R2 Enterprise KVM on CentOS 7.7 and Ubuntu 18.04 LTS Amazon AWS (EC2) KVM on CentOS 7.7. Ubuntu 18.04, and Ubuntu 20.04 Amazon AWS (EC2) Microsoft Azure
Platform	Deployment templates for any network type, identity store and endpoint 802.1X, MAC authentication and captive portal support ClearPass OnConnect for SNMP-based enforcement on wired switches Advanced reporting, analytics and troubleshooting tools Interactive policy simulation and monitor mode utilities Multiple device registration portals – Guest, Aruba AirGroup, BYOD, and un-managed devices Admin/operator access security via CAC and TLS certificates
Framework and protocol support	RADIUS, RADIUS Dynamic Authorization, TACACS+, web authentication, SAML v2.0 RadSec (TLS encoded RADIUS) 802.1X-2010, 802.1X-2020 TEAP (Tunneled EAP) EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS) PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-PEAPPublic, EAP-PWD) TTLS (EAP-MSCHAPv2, EAP-GTC, EAP- TLS, EAP-MD5, PAP, CHAP) EAP-TLS PAP, CHAP, MSCHAPv1, MSCHAPv2, EAP-MD5 OAuth2 WPA3 Windows machine authentication SMB v2/v3 Online Certificate Status Protocol (OCSP) SNMP generic MIB, SNMP private MIB Common Event Format (CEF), Log Event Extended Format (LEEF), and RFC5424
Supported identity stores	Microsoft Active Directory RADIUS Any LDAP compliant directory MySQL, Microsoft SQL, PostGRES and Oracle 11g ODBC-compliant SQL server Token servers Built-in SQL store, static hosts list Kerberos Microsoft Azure Active Directory Google G Suite
RFC standards	2246, 2248, 2407, 2408, 2409, 2548, 2759, 2865, 2866, 2869, 2882, 3079, 3579, 3580, 3748, 3779, 4017, 4137, 4301, 4302, 4303, 4308, 4346, 4514, 4518, 4809, 4849, 4851, 4945, 5176, 5216, 5246, 5280, 5281, 5282, 5424, 5755, 5759, 6614, 6818, 6960, 7030, 7170, 7296, 7321, 7468, 7748, 7815, 8031, 8032, 8247, 8446, 8709, 8894, 8908
Internet drafts	Protected EAP Versions 0 and 1, Microsoft CHAP extensions, dynamic provisioning using EAP-FAST.
Profiling methods	Active: Nmap, WMI, SSH, SNMP Passive: MAC OUI, DHCP, TCP, Netflow v5/v10, IPFIX, sFLOW, ‘SPAN’ Port, HTTP User-Agent, IF-MAP ClearPass Device Insight Integrated & 3rd Party: Onboard, OnGuard, ArubaOS, EMM/MDM, Cisco device sensor
IPv6 Support	RADIUS and RadSec TACACS+ Clustering (intra-node communication) Web and CLI based management IPv6 addressed authentication & authorization servers IPv6 accounting proxy IPv6 addressed endpoint context servers Syslog, DNS, NTP, IPsec IPv6 targets IPv6 Virtual IP for high availability HTTP Proxy Ingress Event Engine Syslog sources Onboard, OnGuard
Certifications	FIPS 140-2 – Certificate #2577 Common Criteria NDcPP + Authentication Server (ClearPass) USGv6 approved

Questions? We're here to help.

From offering expert advice to solving complex problems, we've got you covered. Get in touch with a Aruba Networks Solutions Specialist today to learn more!

Aruba ClearPass Policy Manager For Secure Network Access The most advanced Secure NAC platform available