Thank you all for the responses to this thread and the other I posted (re segment sizes). One of the driving reasons behind switching from the smaller vendor we were using to Aruba is the ability to reach out to peers to have specific vendor-based questions answered. I feel strongly that our previous manufacturer has excellent products (we'll be continuing to use them for years to come in current installs), but reinventing the wheel was exhausting.
Thanks again for all your help/suggestions/info! -Brian -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Adam T Ferrero Sent: Thursday, July 21, 2016 9:40 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Aruba and Bradford We are very happy with our Aruba Clearpass implementation. We brought it in for host integrity checking in our residence halls and have continued to add more services. It handled Meru and now Aruba wireless as well as our Avaya wired infrastructure. It is feature rich and very flexible. We have 6,000 students in Temple managed residence halls (13 - 15k devices) with less than 5% of the devices connecting wired. We do force the Onguard agent on Windows and MACs and require our managed anti-virus. Other devices can just authenticate and work against wireless WPA2 enterprise SSID or wired .1x. Non .1x capable devices are self-registered by the students into Clearpass (they add the mac address and we then mac auth accept them). We built out all the pretty captive portal pages so onboarding process is terribly smooth and self service. We've rolled all our enterprise WPA2 enterprise authentication onto Clearpass as well (~50,000 concurrent clients). I was against the purchase initially two years ago (being a freeradius / Packet Fence fanatic) but it has served us superbly. Last fall showed the lowest Help Desk ticket volume of any move-in ever. Here's hoping we all do equally well this fall. Adam -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Brian Helman Sent: Thursday, July 21, 2016 9:28 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Aruba and Bradford Thanks everyone. Keep the info flowing ... Bruce, we're a mixed shop on the wired side. Since 2011 we've been a Juniper shop. Before that, and I still have a lot of their gear that I haven't upgraded, we were Alcatel(-Lucent). Those of you who are using ClearPass, anyone have a mixed wireless shop (ie, did you start with another vendor and move to Aruba)? I'm curious if you avoided using ClearPass on the other wireless or embraced it, and to what level of success? So, how many of your friends/acquaintances think you all get the summer off, because we work in academia? This is all great information everyone! -Brian -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Osborne, Bruce W (Network Services) Sent: Thursday, July 21, 2016 7:26 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Aruba and Bradford Brian, What wired vendor are you using? I know for Cisco wired switches, you can pass the vlan name (as defined on the access switch) instead of the vlan ID for a role. This lets you have many student VLANs in the network, for instance. Bruce Osborne Wireless Engineer IT Network Services - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 -----Original Message----- From: Bucklaew, Jerry [mailto:[email protected]] Sent: Wednesday, July 20, 2016 4:50 AM Subject: Re: Aruba and Bradford Brian, We are a bradford shop and are migrating to clearpass. We used the bradford for registration or our resnet as well as our wireless gaming network. It worked ok, but my major issues with it were.. 1. Bradford is designed around vlan switching, moving ports from one vlan to the other. Vlan switch is labor/process intensive to setup/run because it needs to know about every switch, needs to know about every link change and needs to talk to every switch. 2. Bradford is not flexible when it comes to passing back radius attributes. For example you can pass back only one attribute, interface-name I think. You can not do multiple. 3. Bradford is not flexible about registration, the device needs to be on the network in order to register. User admin of registration does not exists. We moved to clearpass for our wirelesss network and it is just a much more flexible system. It can do almost anything, very customizable. Our main driver was dorm Ap's. By moving to dorm ap's (every other room) we are putting half our wired ports through the aruba system. To get the same look and feel from a user perspective both wired and dorm ap wired need to be off the same system. We moved away from vlan switching to 802.1x/mac off on the dorm ap's and a inline system for the rest of the wired ports. Eventually we are moving to 802.1x/mac off for everything, away from vlan switching. Besides the same look and feel, it gives us a much more flexible registration system and a very nice "my devices" portal so users can manage their own registrations. I can give more specifics if you need it. On 7/19/2016 5:10 PM, Brian Helman wrote: > Feel free to ping me off-list. I may sanitize/redact comments and repost > them for the benefit of others though.. > > > > If you are an Aruba AND Bradford shop, what was you reason for using > Bradford vs Clearpass? Our primary interest in NAC is onboarding and > guest networks (wired and wireless). We are currently a Bradford > shop. I don’t see a reason to change, but I’d like to understand the > benefits (or drawbacks) for staying with Bradford (or moving to Clearpass, > for that matter). > > > > If you migrated from Bradford to Clearpass, would you do it again? Pains? > Successes? > > > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
