I'm about to start a proof of concept, with the potential result of transitioning from Cisco ISE to Aruba ClearPass. I'm trying to wrap my head around the ClearPass interface and the different way things are done compared to ISE.
Right now my approach with ISE is essentially using Policy Sets to separate by NAD Vendor / MAB / 802.1X. From there, Authentication based on the relevant Identity Source, and then Authorization is where the heavy lifting is done - determining what access this device gets based on whatever relevant information.
I've noticed with ClearPass that they don't even enable Authorization by default in their Service Templates. Is this normal operating procedure for ClearPass? Is everything done through Roles and Enforcement Policy instead of Authorization?
I fancied myself pretty good at using ISE, but I'm finding myself a bit lost when it comes to applying that knowledge to ClearPass. Can anyone point me to some good documentation for doing a transition from Cisco ISE to Aruba ClearPass, or provide some general advice?
No comments:
Post a Comment