EDU-CPE: ClearPass Essentials

Course Description

The “ClearPass Essentials (CPE)” training course provides you with a foundation in Network Access Control using ClearPass 6.5 system.  This course covers in depth configuration of ClearPass policy manager with a focus on Enforcement and Device Profiling. The course also includes setup and configuration details of primary application of ClearPass Guest like guest web login pages, guest self-registration, device provisioning using OnBoard and client posture analysis using OnGuard.

This course replaces the ClearPass Bootcamp.

Intended Audience

  • Network Administrators and IT Staff who’s network must support “Bring Your Own Device” (BYOD) provisioning and onboarding.

  • Network Administrators and IT Staff who configure and manage guest and visitor WLAN access.

  • Network and System Administrators responsible for reporting and compliance of WLANs

Course Prerequisites

  • Familiarity with network standards and terminology, VLANs and IP protocols including routing and switching.

  • Basic WLAN terminology and concepts.

  • Knowledge of wired and wireless networking design and operations.

  • Knowledge of RADIUS server configuration, 802.1X authentication, AAA, LDAP and Active Directory experience.

Course Contents

Intro to ClearPass

  • BYOD

  • High Level Overview

  • Posture and Profiling

  • Guest and Onboard

ClearPass for AAA

  • Policy Service Rules

  • Authentication Authorization and Roles

  • Enforcement Policy and Profiles

Authentication and Security Concepts

  • Authentication Types

  • Servers

  • Radius COA

  • Active Directory

  • Certificates

Intro to NAD

  • NAD Devices

  • Adding NAD to ClearPass

  • Network Device Groups

  • Network Device Attributes

  • Aruba Controller as NAD

  • Aruba Switch

  • Aruba Instant

Monitoring and Troubleshooting

  • Monitoring

  • Troubleshooting

  • Logging

  • Policy Simulation

ClearPass Insight

  • Insight Dashboard

  • Insight Reports

  • Insight Alerts

  • Insight Search

  • Insight Administration

  • Insight Replication

Active Directory

  • Adding AD as Auth Source

  • Joining AD domain

  • Using AD services

External Authentication

  • Multiple AD domains

  • LDAP

  • Static Host Lists

  • SQL Database

  • External Radius Server


  • Guest Account creation

  • Web Login pages

  • Guest Service configuration

  • Self-registration pages

  • Configuring NADS for Guest

  • Guest Manager Deep Dive

  • Web Login Deep Dive

  • Sponsor Approval

  • MAC Caching


  • Intro to Onboard

  • Basic Onboard Setup

  • Onboard Deepdive

  • Single SSID Onboarding

  • Dual SSID Onboarding


  • Intro to Profiling

  • Endpoint Analysis Deep Dive


  • Intro to Posture

  • Posture Deployment Options

  • OnGuard Agent Health Collection

  • OnGuard workflow

  • 802.1x with Posture using Persistent/dissolvable agent

  • OnGuard web LoginMonitoring and Updates

Operation and Admin Users

  • Operations

  • Admin Users

Clustering and Redundancy

  • Clustering

  • Redundancy

  • LAB


  • ClearPass Licensing

  • Base License

  • Applications

Single Sign-On

  • Deployment Options

  • ClearPass Admin Login SSO

  • Access Network SSO

  • ASO-Auto-Sign On

  • Configuration and Demo

ClearPass Exchange

  • Intro

  • Examples

  • General HTTP Palo Alto Firewall

  • Configuration

Case Study

  • Objectives

  • Discussion

  • Advanced Labs Overview


5 days (Five Days)