Course Overview
In the 5-day HPE Aruba Networking ClearPass Advanced Configuration course, you will learn how to design, deploy, and troubleshoot several aspects of the ClearPass security product. This course includes both instructional modules and hands-on labs to teach you about advanced features of the ClearPass portfolio.
Who should attend
Ideal candidates include network professionals who are looking to build their advanced knowledge of ClearPass.
Prerequisites
Course Objectives
After you successfully complete this course, expect to be able to:
- Deploy a complete and resilient Network Access Control (NAC) security solution based on HPE Aruba Networking ClearPass.
- Understand the HPE Aruba Networking ClearPass logic to handle different authentication events.
- Implement a secure network that follows the principles of the Zero Trust Security (ZTS) architecture.
Course Content
Public Key Infrastructure
- Describe PKI infrastructure
- Evaluate the advantages and disadvantages of public and private PKIs
- Understand best practices for public and private certificates on ClearPass
ClearPass cluster
- The licensing module for ClearPass
- Request certificates for RADIUS and HTTPS
- Upgrade the ClearPass system
- Run and secure backups
Upgrade ClearPass cluster
- Describe ClearPass cluster upgrade procedures
- Analyze best practices on cluster updates
Cluster troubleshooting
- Revise common upgrade failures
- Assess and troubleshoot failed cluster upgrades
Enrollment over Secure Transport
- Define EST
- EST’s main components
- Configure and monitor ETS
RadSec
- Describe RadSec, its main components and characteristics
- Configure RadSec
- Troubleshoot RadSec
ClearPass access request process
- Describe the service classification and match process
- The process of an access request
- Perform services troubleshooting
Creating services and rules manually
- Describe the process of manually creating a service and its dependencies
- Manually configure new services, enforcement policies and profiles
- Explore the different parts of a service and best practices of naming convention and maintenance
Dual SSID OnBoard
- Compare single and dual SSID device onboarding
- The benefits of dual SSID onboarding
- Configure dual SSID onboarding
- Managing usercertificates
Implementing MPSK
- MPSK concept
- Configure MPSK with user self-registration
- Configure MPSK for a device group
- Troubleshooting MPSK
Wired onboarding/profiling
- Onboarding process for wired devices
- Configure services for wired devices onboard
- Troubleshoot wired authentication and profiling
Dynamic Segmentation - BYOD, employee, and guest
- Concepts of dynamic segmentation
- ClearPass functions related to dynamic segmentation
- Configure downloadable user roles to support dynamic segmentation
Engels
Frans
Duits
Duitsland