Arista Access point Authentication with Aruba Clearpass

Arista Access point Authentication with Aruba Clearpass

Lets talk about the Arista Access point Authentication with Aruba Clearpass for the 802.1x Authentication of Enterprise Users on Enterprise Devices. Lets start with the basics on the Aruba Clearpass.

What is Aruba Clearpass?

Aruba Clearpass is a network access control (NAC) and policy management tool created by Aruba Networks, a subsidiary of HPE. It secures network access and enforces network policies for wired, wireless, and distant networks.

Features and capabilities of Aruba Clearpass:

  • Clearpass enables organizations to verify and authorize network users and devices before providing them access to the network. It enforces restrictions based on user identification, device kind, location, and other factors to guarantee that only authorized and conforming devices may connect to the network.
  • Clearpass enables organizations to give secure visitor access to their networks by self-registration. For visitor onboarding, it provides self-registration portals, sponsor-based access, and connectivity with social network authentication. To regulate access rights and duration, guest access policies may be set and implemented.
  • Organizations may use Clearpass to securely onboard and manage employee-owned devices (laptops, smartphones, and tablets) on the network. It supports a variety of device onboarding mechanisms, including as certificate-based authentication, 802.1X, and device registration.
  • Clearpass uses device profiling techniques to detect and categorize connected devices based on their features and behaviour. This enables organizations to obtain visibility into the devices on their networks and implement suitable security rules.
  • Clearpass provides policy enforcement tools that are configurable. To dynamically enforce network access regulations, it connects with network infrastructure components such as switches, wireless controllers, and firewalls. Policies can be set depending on user roles, device kinds, time of day, location, and other criteria.
Arista WiFi works with Aruba Clearpass to onboard WiFi clients and keep enterprise WiFi networks secure. 802.1x Authentication of Enterprise Users on Enterprise Devices

Arista Access point Authentication with Aruba Clearpass
Fig 1.1-Arista Access point Authentication with Aruba Clearpass

Step 1
The client sends an 802.11 Association Request for access to the corporate SSID
Step 2: The Arista access point (AP) sends an EAP Identity Request to the client, which responds with an EAP and get Identity Response message.
Step 3: The AP then sends a RADIUS Access-Request message to Clearpass. This message identifies the security mechanism (PEAP MSCHAPv2) and the corporate intranet VLAN to which the SSID is mapped.
Step 4: Clearpass generates and sends a RADIUS-Challenge to the AP. The AP sends an EAP Challenge to the client, which responds with an EAP Response. 
Step 5: The AP passes on the client’s response to Clearpass via a RADIUS Access-Request. Clearpass queries its database to verify the response.
Step 6: Once the response is verified, Clearpass sends a RADIUS Access-Accept to the AP. The AP sends an 802.11 association Response to the client, granting it access to the network.

Continue Reading...