ClearPass Policy Manager Data Sheet
ARUBA CLEARPASS POLICY MANAGER
SPECIFICATIONS
Appliances
ClearPass is available as hardware or as a virtual appliance. Virtual
appliances are supported on VMware vSphere Hypervisor (ESXi),
Microsoft Hyper-V, CentOS KVM & Amazon EC2.
• VMware ESXi 6 up to 6.7
• Microsoft Hyper-V 2012/2016 R2 and Windows 2012/2016
R2 Enterprise
• KVM on CentOS 7.5
• Amazon AWS (EC2)
Platform
• Deployment templates for any network type, identity store
and endpoint
• 802.1X, MAC authentication and captive portal support
• ClearPass OnConnect for SNMP-based enforcement on
wired switches
• Advanced reporting, analytics and troubleshooting tools
• Interactive policy simulation and monitor mode utilities
• Multiple device registration portals – Guest, Aruba
AirGroup, BYOD, and un-managed devices
• Admin/operator access security via CAC and TLS certificates
Framework and protocol support
• RADIUS, RADIUS Dynamic Authorization, TACACS+, web
authentication, SAML v2.0
• RadSec
• EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
• PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS,
EAP-PEAP-Public, EAP-PWD)
• TTLS (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-MD5,
PAP, CHAP)
• EAP-TLS
• PAP, CHAP, MSCHAPv1, MSCHAPv2, EAP-MD5
• OAuth2
• WPA3
• Windows machine authentication
• SMB v2/v3
• Online Certificate Status Protocol (OCSP)
• SNMP generic MIB, SNMP private MIB
• Common Event Format (CEF), Log Event Extended Format
(LEEF)
Supported identity stores
• Microsoft Active Directory
• RADIUS
• Any LDAP compliant directory
• MySQL, Microsoft SQL, PostGRES and Oracle 11g
ODBC-compliant SQL server
• Token servers
• Built-in SQL store, static hosts list
• Kerberos
• Microsoft Azure Active Directory
• Google G Suite
RFC standards
2246, 2248, 2407, 2408, 2409, 2548, 2759, 2865, 2866, 2869,
2882, 3079, 3579, 3580, 3748, 3779, 4017, 4137, 4301, 4302,
4303, 4308, 4346, 4514, 4518, 4809, 4849, 4851, 4945, 5176,
5216, 5246, 5280, 5281, 5282, 5755, 5759, 6614, 6818, 6960,
7030, 7296, 7321, 7468, 7815, 8032, 8247
Internet drafts
Protected EAP Versions 0 and 1, Microsoft CHAP extensions,
dynamic provisioning using EAP-FAST, TACACS+,
draft-ietf-curdle-pkix-00 EdDSA, Ed25519, Ed448, Curve25519 and
Curve448 for X.509, draft-nourse-scep-23 (Simple Certificate
Enrollment Protocol)
Profiling methods
• Active: Nmap, WMI, SSH, SNMP
• Passive: MAC OUI, DHCP, TCP, NetFlow v5/v10, IPFIX,
sFLOW, ‘SPAN’ Port, HTTP User-Agent, IF-MAP
• Integrated & 3rd Party: Onboard, OnGuard, ArubaOS,
EMM/MDM, Cisco device sensor
IPv6 Support
• Web and CLI based management
• IPv6 addressed authentication & authorization servers
• IPv6 accounting proxy
• IPv6 addressed endpoint context servers
• Syslog, DNS, NTP, IPsec IPv6 targets
• IPv6 Virtual IP for high availability
• HTTP Proxy
• Ingress Event Engine Syslog sources
Information assurance validations
• FIPS 140-2 – Certificate #2577
• Common Criteria NDcPP + Authentication Server
(ClearPass)