Detailed Course Outline
Network Requirements
- ClearPass goals
- Network topology
- List of available resources
- Scenario analysis
- Authentication requirements
- Multiple user account databases
- User account attributes
- High level design
PDI and Digital Certificates
- Certificate types
- PKI
- Certificate trust
- Certificate file formats
- ClearPass as CA
- Certificate use cases
- EAP
- HTTPS
- Service-based certificates
- Onboarding
- Clustering
- RadSec
- NAD Captive portal
- Installing certificates
- Enrollment over secure transport
Cluster Design
- ClearPass server placement
- Determine the layout of the cluster
- High availability schema
- Design high availability
- VIP failover
- VIP mapping
- Insight primary and secondary
Network Integration
- Authentication sources
- Local user repository
- Endpoint repository
- Admin user repository
- Guest user repository
- Guest device repository
- Onboard device repository
- Active Directory
- SQL server
- Define external servers
- Unified endpoint management
- Email server
- Endpoint profiling
- IF-MAP
- Active scans (SNMP)
- DHCP
- HTTPS
- Network devices
- RadSec
- Dynamic authorization
- Logging of RADIUS accounting
- Device groups
- Location attributes
- Policy simulation
Corporate Access Design
- Define the requirements
- High level design
- Services design
- Plan TIPs roles
- User authentication
- Machine authentication
- Tunneled EAP, EAP-TLS and protected EAP
- One versus multiple services
- Plan enforcement
- Device-groups based enforcement
- Service implementation
- OnGuard design and implementation
- Quarantine users
- Remediation
- Onboard design and implementation
- User and device authorization
- Informational pages
- Authorization validation
- Troubleshooting roles
Guest Access Design
- Guest network design
- Captive portal flow
- Design tasks
- Define web pages
- Guest services design
- Guest services
- Guest access controls
- Configure network access devices
- Guest account creation
- Guest self registration
- Guest sponsor approval
- Self registration AD drop-down list
- Requirements for guest enforcement
Multi Pre-Shared Key
- Define the requirements
- High level design
- Device authorization
- Service design and implementation
Wired Access
- AAA configuration
- 802.1X and MAC auth
- Using client profiling for authorization
- Using conflict attribute for authorization
- User roles configuration in ArubaOS-S
- User roles configuration in ArubaOS-CX
- Web fedirection
- Multi-service ports
- Downloadable user roles enforcement profiles
- Downloadable user roles configuration and validation
Wired Access
- TACACs+ based NAD administration
- TACACs+ command authorization
- Policy Manager administrators
- Guest and Onboard operators
- Register devices for MPSK
- Insight operators
- Insight reports and alerts