Skip to main content

Aruba Networks ClearPass Integration Guide (RADIUS)

Introduction

Use this guide to enable Multi-Factor Authentication access via RADIUS to Aruba Networks ClearPass

Prerequisites

1. Have Aruba Networks ClearPass and access to the administration console / CLI

2. Configure the RADIUS Server on SecureAuth IdP

Aruba Networks ClearPass Configuration Steps

There are two (2) options to configure ClearPass: WebUI configuration or CLI configuration

Follow the preferred method's steps only

Option 1: WebUI Steps

1. In the Aruba Networks ClearPass WebUI Console, navigate to Configuration --> Security --> Authentication --> Servers

2. Select RADIUS Server to display the RADIUS Server List

3. Provide a Name for the new server, e.g. SecureAuth, and click Add

4. Select the name to configure the parameters, such as IP Address; and then check Mode to activate the server

5. Click Apply

6. Select Server Group to display the Server Group List

7. Provide a Name for the new server group, e.g. corp_rad, and click Add

8. Select the name to configure the parameters

9. Under Servers, select New to add a server to the group

10. Select the server (i.e. SecureAuth) from the dropdown menu and click Add Server

11. Click Apply

12. Navigate to Configuration --> Management --> Administration

13. Under Management Authentication Servers, select a management role, e.g. root, for the Default Role

14. Check Mode to activate

15. For the Server Group, select the newly created group, i.e. corp_rad

16. Click Apply

Option 2: CLI Steps

Add New RADIUS Server

aaa authentication-server radius SecureAuth
  host <ipaddr>
  enable

Add New Server Group

aaa server-group corp_rad
  auth-server SecureAuth

Define Role for Server Group

aaa authentication mgmt
  default-role root
  enable
  server-group corp_rad