HPE Aruba Networking ClearPass Advanced Workshop (CPAC) – Contenuti

Contenuti dettagliati del Corso

Network Requirements
  • ClearPass goals
  • Network topology
  • List of available resources
  • Scenario analysis
  • Authentication requirements
  • Multiple user account databases
  • User account attributes
  • High level design
PDI and Digital Certificates
  • Certificate types
  • PKI
  • Certificate trust
  • Certificate file formats
  • ClearPass as CA
  • Certificate use cases
    • EAP
    • HTTPS
    • Service-based certificates
    • Onboarding
    • Clustering
    • RadSec
    • NAD Captive portal
  • Installing certificates
  • Enrollment over secure transport
Cluster Design
  • ClearPass server placement
  • Determine the layout of the cluster
  • High availability schema
  • Design high availability
  • VIP failover
  • VIP mapping
  • Insight primary and secondary
Network Integration
  • Authentication sources
    • Local user repository
    • Endpoint repository
    • Admin user repository
    • Guest user repository
    • Guest device repository
    • Onboard device repository
    • Active Directory
    • SQL server
  • Define external servers
    • Unified endpoint management
    • Email server
  • Endpoint profiling
    • IF-MAP
    • Active scans (SNMP)
    • DHCP
    • HTTPS
  • Network devices
    • RadSec
    • Dynamic authorization
    • Logging of RADIUS accounting
    • Device groups
    • Location attributes
  • Policy simulation
Corporate Access Design
  • Define the requirements
  • High level design
  • Services design
  • Plan TIPs roles
  • User authentication
  • Machine authentication
  • Tunneled EAP, EAP-TLS and protected EAP
  • One versus multiple services
  • Plan enforcement
  • Device-groups based enforcement
  • Service implementation
  • OnGuard design and implementation
    • Quarantine users
    • Remediation
  • Onboard design and implementation
    • User and device authorization
  • Informational pages
  • Authorization validation
  • Troubleshooting roles
Guest Access Design
  • Guest network design
  • Captive portal flow
  • Design tasks
  • Define web pages
  • Guest services design
  • Guest services
  • Guest access controls
  • Configure network access devices
  • Guest account creation
  • Guest self registration
  • Guest sponsor approval
  • Self registration AD drop-down list
  • Requirements for guest enforcement
Multi Pre-Shared Key
  • Define the requirements
  • High level design
  • Device authorization
  • Service design and implementation
Wired Access
  • AAA configuration
  • 802.1X and MAC auth
  • Using client profiling for authorization
  • Using conflict attribute for authorization
  • User roles configuration in ArubaOS-S
  • User roles configuration in ArubaOS-CX
  • Web fedirection
  • Multi-service ports
  • Downloadable user roles enforcement profiles
  • Downloadable user roles configuration and validation
Wired Access
  • TACACs+ based NAD administration
  • TACACs+ command authorization
  • Policy Manager administrators
  • Guest and Onboard operators
  • Register devices for MPSK
  • Insight operators
  • Insight reports and alerts