HPE Aruba Networking ClearPass Policy Manager QuickSpecs

Shape the Future of QuickSpecs - Your Input Matters

Secure your network with policies based on the principles of zero trust security to support hybrid workplace initiatives, IoT devices, and edge computing.


HPE Aruba Networking ClearPass Policy Manager, part of the HPE Aruba Networking 360 Secure Fabric, provides role- and device-based secure network access control for IoT, BYOD, corporate devices, as well as employees, contractors, and guests across any multivendor wired, wireless and VPN infrastructure.

  • Overview

    With a built-in context-based policy engine, RADIUS, TACACS+, non-RADIUS enforcement using OnConnect, device profiling, posture assessment, onboarding, and guest access options, HPE Aruba Networking ClearPass is unrivaled as a foundation for network security for organizations of any size.


    For comprehensive integrated security coverage and response using firewalls, UEM, and other existing solutions, HPE Aruba Networking ClearPass supports the HPE Aruba Networking 360 Security Exchange Program. This allows for automated threat detection and response workflows that integrate with third- party security vendors and IT systems previously requiring manual IT intervention.


    In addition, HPE Aruba Networking ClearPass supports secure self-service capabilities, making it easier for end users trying to access the network. Users can securely configure their own devices for enterprise use or Internet access based on admin policy controls.


    The result is detailed visibility of all wired and wireless devices connecting to the enterprise, increased control through simplified and automated authentication or authorization of devices, and faster, better incident analysis and response through the integration and orchestration with third-party security solutions. This is achieved with a comprehensive and scalable policy management platform that goes beyond traditional AAA solutions to deliver extensive enforcement capabilities for IT-owned and BYOD security requirements.

IMAGE 1

Key Features

  • – Role-based, unified network access enforcement across multi-vendor wireless, wired and VPN networks.
  • – Intuitive policy configuration templates and visibility troubleshooting tools.
  • – Supports multiple authentication/authorization sources (AD, LDAP, SQL).
  • – Self-service device onboarding with built-in certificate authority (CA) for BYOD.
  • – Guest access with extensive customization, branding and sponsor-based approvals.
  • – Integration with key UEM solutions for in-depth device assessments
  • – Comprehensive integration with the HPE Aruba Networking 360 Security Exchange Program.
  • – Single sign-on (SSO) support works with Ping, Okta and other identity management tools to improve user experience to SAML 2.0-based applications.
  • – FIPS 140-2 and CC certified.

  • Standard Features

    The HPE Aruba Networking ClearPass Policy Manager Difference

    HPE Aruba Networking ClearPass Policy Manager is the only policy platform that centrally enforces all aspects of enterprise-grade access security for any industry.


    Granular policy enforcement is based on a user's role, device type and role, authentication method, UEM attributes, device health, traffic patterns, location, and time-of-day.


    Deployment scalability supports tens of thousands of devices and authentications which surpasses the capabilities offered by legacy AAA solutions. Options exist for small to large organizations, from centralized to distributed environments.


    Advanced Policy Management


    Enforcement and Visibility for Wired and Wireless

    With HPE Aruba Networking ClearPass, organizations can deploy wired or wireless using standards-based 802.1X enforcement for secure authentication. HPE Aruba Networking ClearPass also supports MAC address authentication for IoT and headless devices that may lack support for 802.1X. For wired environments where RADIUS based authentication cannot be deployed, OnConnect, offers an alternative using SNMP based enforcement.


    HPE Aruba Networking ClearPass Policy Manager Device Insight provides next generation profiling capabilities to HPE Aruba Networking ClearPass Policy Manager through a cloud based machine learning algorithm that also leverage deep packet inspection support.


    Authentication methods can be used to concurrently support a variety of use-cases. It also includes support for multi- factor authentication based on log-in times, posture checks, and other context such as new user, new device, and more.


    Attributes from multiple identity stores such as Microsoft Active Directory, LDAP-compliant directory, ODBC-compliant SQL database, token servers and internal databases across domains can be used within a single policy for fine- grained control.


    Contextual data from these profiled devices allows for IT to define what devices can access either the wired, VPN, or wireless network. Device profile changes are dynamically used to modify authorization privileges. For example, if a Windows laptop appears as a printer, HPE Aruba Networking ClearPass policies can automatically deny access.


    Secure Device Configuration of Personal Devices

    HPE Aruba Networking ClearPass OnBoard Software provides automated provisioning of any Windows, macOS, iOS, Android, Chromebook, and Ubuntu devices via a user driven self-guided portal. Network details, security settings and unique device identity certificates are automatically configured on authorized devices. Cloud identity services like Microsoft Azure Active Directory, Google G Suite and Okta can also be leveraged as identity providers with Onboard for secure certificate enrollment.


    Device Health Checks

    HPE Aruba Networking ClearPass OnGuard Software delivers endpoint posture assessments over wireless, wired and VPN connections. OnGuard's health-check capabilities ensure endpoints meet security and compliance policies before they connect to the network. OnGuard offers a variety of flexible deployment options including agentless, dissolvable agents and agent-based configuration.


    Customizable Visitor Management

    HPE Aruba Networking ClearPass Guest simplifies visitor workflow processes to enable employees, receptionists, and other non-IT staff to create temporary guest accounts for secure wireless and wired access. Highly customizable, mobile friendly portals provide easy-to-use login processes that include self- registration, sponsor approval, and bulk credential creation support any visitor needs - enterprise, retail, education, large public venue. Credentials can be delivered by SMS, email, printed badges, or input directly through cloud identity providers such as Facebook or Twitter.


    Built in support for commercial oriented guest Wi-Fi hotspots with credit card billing and 3rd party advertising driven workflows make it simple to integrate into a wide variety of environments.

HPE Aruba Networking 360 Security Exchange Program


Integrate with Security and Workflow Systems

Support for the HPE Aruba Networking 360 Security Exchange Program is an integrated component of HPE Aruba Networking ClearPass. Using features like REST- based APIs, RADIUS Accounting Proxy, and Syslog ingestion help facilitate workflows with UEM, SIEM, firewalls, help-desk systems and more. Context is shared between each component for end-to-end policy enforcement and visibility.


The HPE Aruba Networking ClearPass Ingress Event Engine provides 3rd party systems the means to share information in real-time using Syslog. This enables HPE Aruba Networking ClearPass to respond to changing threats for users and devices after they have authenticated to the network. By utilizing an open dictionary approach, anyone can write a parsing ruleset without the need for costly add-ons or locked in 3rd party ecosystems.


Advanced Reporting and Alerting

HPE Aruba Networking ClearPass Insight provides advanced reporting capabilities via customizable reports. Information about authentication trends, profiled devices, guest data, on-boarded devices, and endpoint health can also be viewed in an easy-to-use dashboard. Insight also has support for granular alerts and a watchlist to monitor specific authentication failures.


HPE Aruba Networking Central NetConductor

For networks managed by HPE Aruba Networking Central, Central NetConductor offers cloud-native security services that enable global policy management and network configuration with simple business-logic interface and workflows. Central NetConductor uses a distributed EVPN/VXLAN network overlay to facilitate inline policy enforcement across large, globally dispersed networks.


Networks that use Central NetConductor for policy orchestration can choose either Cloud Auth or HPE Aruba Networking ClearPass for authentication and role assignment.

  • Configuration Information

    Ordering Guidance

    Please refer to the HPE Aruba Networking ClearPass Scaling & Ordering Guide for detailed information on appropriate sizing and required licensing to deploy HPE Aruba NetworkingClearPass.

BTO Models

Rule #

Description

SKU

Hardware Appliances

Notes:

Includes 1 PSU and 1 US Power Cord

3, 4, 5, 6

HPE Aruba Networking ClearPass N3001 SFP+ 10G Hardware Appliance

S3N65A

3

HPE Aruba Networking ClearPass N3000 1G Hardware Appliance

S3N66A

1

HPE Aruba Networking ClearPass N1000 1G Hardware Appliance

S3N67A

Virtual Appliances


HPE Aruba Networking ClearPass NAC Cx000V VM-Based Appliance License E-LTU

JZ399AAE

Configuration Rules

1

Bring in (Min 1 // Max 1) Localized power cord based on the Localization Menu

2

If JW124A is the selected localized power cord, do not add Localized Power Cord

3

Bring in (Min 2 // Max 2) Localized power cord based on the Localization Menu

4

Requires additional purchase of supported transceivers.(Refer to Tranceiver Guide)

5

The following SFP+ Transceivers install into this Appliance's SFP+ Ports:


HPE Aruba Networking 10G SFP+ LC SR 300m OM3 MMF Transceiver

J9150D

6

The following SFP28 Transceivers install into this Appliance's SFP28 Ports:


HPE Aruba Networking 25G SFP28 LC SR 100m MMF Transceiver

JL484A

HPE Aruba Networking 25G SFP28 LC eSR 400m MMF Transceiver

JL485A

HPE Aruba Networking 25G SFP28 to SFP28 0.65m Direct Attach Cable

JL487A

HPE Aruba Networking 25G SFP28 to SFP28 3m Direct Attach Copper Cable

JL488A

HPE Aruba Networking 25G SFP28 to SFP28 5m Direct Attach Copper Cable

JL489A

HPE Aruba Networking 25G SFP28 to SFP28 3m Active Optical Cable

R0M44A

HPE Aruba Networking 25G SFP28 to SFP28 7m Active Optical Cable

R0M45A

HPE Aruba Networking 25G SFP28 to SFP28 15m Active Optical Cable

R0Z21A

Notes:

– The HPE Aruba Networking ClearPass C1000 S-1200 R4 HW-Based Appliance include a U.S. power cord (will not be displayed in BOM). HPE Aruba Networking ClearPass C2020 DL360 Gen10 and the HPE Aruba Networking ClearPass C3010 DL360 Gen10 HW-Based Appliance includes a C13 - C14 WW 250V 10Amp Jumper Cord. The redundant PSUs for all models include a C13 - C14 WW 250V 10Amp Jumper Cord. When configuring Appliance, A country specific power cord will be automatically added to the BOM.

– OCA Only Model Selection Form - HPE Aruba Networking > Security > ClearPass > Policy Manager

Appliance Options

Transceivers


SFP+ Transceivers


HPE Aruba Networking 10G SFP+ LC SR 300m OM3 MMF Transceiver

J9150D

SFP28 Transceivers


HPE Aruba Networking 25G SFP28 LC SR 100m MMF Transceiver

JL484A

HPE Aruba Networking 25G SFP28 LC eSR 400m MMF Transceiver

JL485A

HPE Aruba Networking 25G SFP28 to SFP28 0.65m Direct Attach Cable

JL487A

HPE Aruba Networking 25G SFP28 to SFP28 3m Direct Attach Copper Cable

JL488A

HPE Aruba Networking 25G SFP28 to SFP28 5m Direct Attach Copper Cable

JL489A

HPE Aruba Networking 25G SFP28 to SFP28 3m Active Optical Cable

R0M44A

HPE Aruba Networking 25G SFP28 to SFP28 7m Active Optical Cable

R0M45A

HPE Aruba Networking 25G SFP28 to SFP28 15m Active Optical Cable

R0Z21A

Power Supplies

Std (Min 0 // max 99) User Selection (min 0 // max 99)

Rule #

Description

SKU

Std (Min 0 // max 99) User Selection (min 0 // max 99)

1, 5

HPE Aruba Networking DL360 Gen10 500W Spare PSU

R1T38A

Configuration Rules

1

Bring in (Min 1 // Max 1) Localized power cord based on the Localization Menu

5

This PSU is only supported on the R1V82A and R1V83A

Notes:

Redundant Power Supply includes a IEC C13 - C14 Jumper Cable


Accessories


Spares

Rule #

Description

SKU

HPE Aruba Networking ClearPass N3000x Warm Spare SSD

S3N61A

HPE Aruba Networking ClearPass N1000 Cold Spare SSD

S3N62A

Software

Licenses


Policy Manager Licenses

Remarks

Description

SKU

HPE Aruba Networking ClearPass Entry License 100 Concurrent Endpoints E-LTU

R1U35AAE

HPE Aruba Networking ClearPass Entry License 500 Concurrent Endpoints E-LTU

R1U36AAE

HPE Aruba Networking ClearPass Entry License 1K Concurrent Endpoints E-LTU

R1U37AAE

HPE Aruba Networking ClearPass Entry License 2500 Concurrent Endpoints E-LTU

R1U38AAE

HPE Aruba Networking ClearPass Entry License 5K Concurrent Endpoints E-LTU

R1U39AAE

HPE Aruba Networking ClearPass Entry License 10K Concurrent Endpoints E-LTU

R1U40AAE

HPE Aruba Networking ClearPass Entry License 25K Concurrent Endpoints E-LTU

R1U41AAE

HPE Aruba Networking ClearPass Entry License 50K Concurrent Endpoints E-LTU

R1U42AAE

HPE Aruba Networking ClearPass Entry License 100K Concurrent Endpoints E-LTU

R1U43AAE

HPE Aruba Networking ClearPass Access Upgrade License 100 Concurrent Endpoints E-LTU

R1U44AAE

HPE Aruba Networking ClearPass Access Upgrade License 500 Concurrent Endpoints E-LTU

R1U45AAE

HPE Aruba Networking ClearPass Access Upgrade License 1K Concurrent Endpoints E-LTU

R1U46AAE

HPE Aruba Networking ClearPass Access Upgrade License 2500 Concurrent Endpoints E-LTU

R1U47AAE

HPE Aruba Networking ClearPass Access Upgrade License 5K Concurrent Endpoints E-LTU

R1U48AAE

HPE Aruba Networking ClearPass Access Upgrade License 10K Concurrent Endpoints E-LTU

R1U49AAE

HPE Aruba Networking ClearPass Access Upgrade License 25K Concurrent Endpoints E-LTU

R1U50AAE

HPE Aruba Networking ClearPass Access Upgrade License 50K Concurrent Endpoints E-LTU

R1U51AAE

HPE Aruba Networking ClearPass Access Upgrade License 100K Concurrent Endpoints E-LTU

R1U52AAE

Access Licenses


HPE Aruba Networking ClearPass Access License 100 Concurrent Endpoints E-LTU

JZ400AAE

HPE Aruba Networking ClearPass Access License 500 Concurrent Endpoints E-LTU

JZ401AAE

HPE Aruba Networking ClearPass Access License 1K Concurrent Endpoints E-LTU

JZ402AAE

HPE Aruba Networking ClearPass Access License 2500 Concurrent Endpoints E-LTU

JZ403AAE

HPE Aruba Networking ClearPass Access License 5K Concurrent Endpoints E-LTU

JZ404AAE

HPE Aruba Networking ClearPass Access License 10K Concurrent Endpoints E-LTU

JZ405AAE

HPE Aruba Networking ClearPass Access License 25K Concurrent Endpoints E-LTU

JZ406AAE

HPE Aruba Networking ClearPass Access License 50K Concurrent Endpoints E-LTU

JZ407AAE

HPE Aruba Networking ClearPass Access License 100K Concurrent Endpoints E-LTU

JZ408AAE

HPE Aruba Networking ClearPass Access License 100 Concurrent Endpoints 1-year Subscription E-STU

JZ409AAE

HPE Aruba Networking ClearPass Access License 500 Concurrent Endpoints 1-year Subscription E-STU

JZ410AAE

HPE Aruba Networking ClearPass Access License 1K Concurrent Endpoints 1-year Subscription E-STU

JZ411AAE

HPE Aruba Networking ClearPass Access License 2500 Concurrent Endpoints 1-year Subscription E-STU

JZ412AAE

HPE Aruba Networking ClearPass Access License 5K Concurrent Endpoints 1-year Subscription E-STU

JZ413AAE

HPE Aruba Networking ClearPass Access License 10K Concurrent Endpoints 1-year Subscription E-STU

JZ414AAE

HPE Aruba Networking ClearPass Access License 25K Concurrent Endpoints 1-year Subscription E-STU

JZ415AAE

HPE Aruba Networking ClearPass Access License 50K Concurrent Endpoints 1-year Subscription E-STU

JZ416AAE

HPE Aruba Networking ClearPass Access License 100K Concurrent Endpoints 1-year Subscription E-STU

JZ417AAE

HPE Aruba Networking ClearPass Access License 100 Concurrent Endpoints 3-year Subscription E-STU

JZ418AAE

HPE Aruba Networking ClearPass Access License 500 Concurrent Endpoints 3-year Subscription E-STU

JZ419AAE

HPE Aruba Networking ClearPass Access License 1K Concurrent Endpoints 3-year Subscription E-STU

JZ420AAE

HPE Aruba Networking ClearPass Access License 2500 Concurrent Endpoints 3-year Subscription E-STU

JZ421AAE

HPE Aruba Networking ClearPass Access License 5K Concurrent Endpoints 3-year Subscription E-STU

JZ422AAE

HPE Aruba Networking ClearPass Access License 10K Concurrent Endpoints 3-year Subscription E-STU

JZ423AAE

HPE Aruba Networking ClearPass Access License 25K Concurrent Endpoints 3-year Subscription E-STU

JZ424AAE

HPE Aruba Networking ClearPass Access License 50K Concurrent Endpoints 3-year Subscription E-STU

JZ425AAE

HPE Aruba Networking ClearPass Access License 100K Concurrent Endpoints 3-year Subscription E-STU

JZ426AAE

HPE Aruba Networking ClearPass Access License 100 Concurrent Endpoints 5-year Subscription E-STU

JZ427AAE

HPE Aruba Networking ClearPass Access License 500 Concurrent Endpoints 5-year Subscription E-STU

JZ428AAE

HPE Aruba Networking ClearPass Access License 1K Concurrent Endpoints 5-year Subscription E-STU

JZ429AAE

HPE Aruba Networking ClearPass Access License 2500 Concurrent Endpoints 5-year Subscription E-STU

JZ430AAE

HPE Aruba Networking ClearPass Access License 5K Concurrent Endpoints 5-year Subscription E-STU

JZ431AAE

HPE Aruba Networking ClearPass Access License 10K Concurrent Endpoints 5-year Subscription E-STU

JZ432AAE

HPE Aruba Networking ClearPass Access License 25K Concurrent Endpoints 5-year Subscription E-STU

JZ433AAE

HPE Aruba Networking ClearPass Access License 50K Concurrent Endpoints 5-year Subscription E-STU

JZ434AAE

HPE Aruba Networking ClearPass Access License 100K Concurrent Endpoints 5-year Subscription E-STU

JZ435AAE

HPE Aruba Networking ClearPass OnBoard Software


HPE Aruba Networking ClearPass - Onboard License 100 Users E-LTU

JZ436AAE

HPE Aruba Networking ClearPass - Onboard License 500 Users E-LTU

JZ437AAE

HPE Aruba Networking ClearPass - Onboard License 1K Users E-LTU

JZ438AAE

HPE Aruba Networking ClearPass - Onboard License 2500 Users E-LTU

JZ439AAE

HPE Aruba Networking ClearPass - Onboard License 5K Users E-LTU

JZ440AAE

HPE Aruba Networking ClearPass - Onboard License 25K Users E-LTU

JZ442AAE

HPE Aruba Networking ClearPass - Onboard License 50K Users E-LTU

JZ443AAE

HPE Aruba Networking ClearPass - Onboard License 100K Users E-LTU

JZ444AAE

HPE Aruba Networking ClearPass - Onboard License 10K Users E-LTU

JZ441AAE

HPE Aruba Networking ClearPass - Onboard License 100 Users 1-year Subscription E-STU

JZ445AAE

HPE Aruba Networking ClearPass - Onboard License 500 Users 1-year Subscription E-STU

JZ446AAE

HPE Aruba Networking ClearPass - Onboard License 1K Users 1-year Subscription E-STU

JZ447AAE

HPE Aruba Networking ClearPass - Onboard License 2500 Users 1-year Subscription E-STU

JZ448AAE

HPE Aruba Networking ClearPass - Onboard License 5K Users 1-year Subscription E-STU

JZ449AAE

HPE Aruba Networking ClearPass - Onboard License 10K Users 1-year Subscription E-STU

JZ450AAE

HPE Aruba Networking ClearPass - Onboard License 25K Users 1-year Subscription E-STU

JZ451AAE

HPE Aruba Networking ClearPass - Onboard License 50K Users 1-year Subscription E-STU

JZ452AAE

HPE Aruba Networking ClearPass - Onboard License 100K Users 1-year Subscription E-STU

JZ453AAE

HPE Aruba Networking ClearPass - Onboard License 100 Users 3-year Subscription E-STU

JZ454AAE

HPE Aruba Networking ClearPass - Onboard License 500 Users 3-year Subscription E-STU

JZ455AAE

HPE Aruba Networking ClearPass - Onboard License 1K Users 3-year Subscription E-STU

JZ456AAE

HPE Aruba Networking ClearPass - Onboard License 2500 Users 3-year Subscription E-STU

JZ457AAE

HPE Aruba Networking ClearPass - Onboard License 5K Users 3-year Subscription E-STU

JZ458AAE

HPE Aruba Networking ClearPass - Onboard License 10K Users 3-year Subscription E-STU

JZ459AAE

HPE Aruba Networking ClearPass - Onboard License 25K Users 3-year Subscription E-STU

JZ460AAE

HPE Aruba Networking ClearPass - Onboard License 50K Users 3-year Subscription E-STU

JZ461AAE

HPE Aruba Networking ClearPass - Onboard License 100K Users 3-year Subscription E-STU

JZ462AAE

HPE Aruba Networking ClearPass - Onboard License 100 Users 5-year Subscription E-STU

JZ463AAE

HPE Aruba Networking ClearPass - Onboard License 500 Users 5-year Subscription E-STU

JZ464AAE

HPE Aruba Networking ClearPass - Onboard License 1K Users 5-year Subscription E-STU

JZ465AAE

HPE Aruba Networking ClearPass - Onboard License 2500 Users 5-year Subscription E-STU

JZ466AAE

HPE Aruba Networking ClearPass - Onboard License 5K Users 5-year Subscription E-STU

JZ467AAE

HPE Aruba Networking ClearPass - Onboard License 10K Users 5-year Subscription E-STU

JZ468AAE

HPE Aruba Networking ClearPass - Onboard License 25K Users 5-year Subscription E-STU

JZ469AAE

HPE Aruba Networking ClearPass - Onboard License 50K Users 5-year Subscription E-STU

JZ470AAE

HPE Aruba Networking ClearPass - Onboard License 100K Users 5-year Subscription E-STU

JZ471AAE

HPE Aruba Networking ClearPass OnGuard Software


HPE Aruba Networking ClearPass - OnGuard License 100 Users E-LTU

JZ472AAE

HPE Aruba Networking ClearPass - OnGuard License 500 Users E-LTU

JZ473AAE

HPE Aruba Networking ClearPass - OnGuard License 1K Users E-LTU

JZ474AAE

HPE Aruba Networking ClearPass - OnGuard License 2500 Users E-LTU

JZ475AAE

HPE Aruba Networking ClearPass - OnGuard License 5K Users E-LTU

JZ476AAE

HPE Aruba Networking ClearPass - OnGuard License 10K Users E-LTU

JZ477AAE

HPE Aruba Networking ClearPass - OnGuard License 25K Users E-LTU

JZ478AAE

HPE Aruba Networking ClearPass - OnGuard License 50K Users E-LTU

JZ479AAE

HPE Aruba Networking ClearPass - OnGuard License 100K Users E-LTU

JZ480AAE

HPE Aruba Networking ClearPass - OnGuard License 100 Users 1-year Subscription E-STU

JZ481AAE

HPE Aruba Networking ClearPass - OnGuard License 500 Users 1-year Subscription E-STU

JZ482AAE

HPE Aruba Networking ClearPass - OnGuard License 1K Users 1-year Subscription E-STU

JZ483AAE

HPE Aruba Networking ClearPass - OnGuard License 2500 Users 1-year Subscription E-STU

JZ484AAE

HPE Aruba Networking ClearPass - OnGuard License 5K Users 1-year Subscription E-STU

JZ485AAE

HPE Aruba Networking ClearPass - OnGuard License 10K Users 1-year Subscription E-STU

JZ486AAE

HPE Aruba Networking ClearPass - OnGuard License 25K Users 1-year Subscription E-STU

JZ487AAE

HPE Aruba Networking ClearPass - OnGuard License 50K Users 1-year Subscription E-STU

JZ488AAE

HPE Aruba Networking ClearPass - OnGuard License 100K Users 1-year Subscription E-STU

JZ489AAE

HPE Aruba Networking ClearPass - OnGuard License 100 Users 3-year Subscription E-STU

JZ490AAE

HPE Aruba Networking ClearPass - OnGuard License 500 Users 3-year Subscription E-STU

JZ491AAE

HPE Aruba Networking ClearPass - OnGuard License 1K Users 3-year Subscription E-STU

JZ492AAE

HPE Aruba Networking ClearPass - OnGuard License 2500 Users 3-year Subscription E-STU

JZ493AAE

HPE Aruba Networking ClearPass - OnGuard License 5K Users 3-year Subscription E-STU

JZ494AAE

HPE Aruba Networking ClearPass - OnGuard License 10K Users 3-year Subscription E-STU

JZ495AAE

HPE Aruba Networking ClearPass - OnGuard License 25K Users 3-year Subscription E-STU

JZ496AAE

HPE Aruba Networking ClearPass - OnGuard License 50K Users 3-year Subscription E-STU

JZ497AAE

HPE Aruba Networking ClearPass - OnGuard License 100K Users 3-year Subscription E-STU

JZ498AAE

  • Technical Specifications

    Appliances

    HPE Aruba Networking ClearPass Policy Manager is available as hardware or as a virtual appliance. Virtual appliances are supported on VMware vSphere Hypervisor (ESXi), Microsoft Hyper-V, CentOS KVM, Amazon EC2 & Microsoft Azure.

    • – VMware ESXi up to 8.0
    • – Microsoft Hyper-V 2016/2019 R2/2019
    • – KVM on CentOS 7.7. Ubuntu 18.04, and Ubuntu 20.04
    • – Amazon AWS (EC2)
    • – Microsoft Azure

    Platform

    • – Deployment templates for any network type, identity store and endpoint
    • – 802.1X, MAC authentication and captive portal support
    • – HPE Aruba Networking ClearPass OnConnect for SNMP-based enforcement on wired switches
    • – Advanced reporting, analytics and troubleshooting tools
    • – Interactive policy simulation and monitor mode utilities
    • – Multiple device registration portals - Guest, HPE Aruba Networking AirGroup, BYOD, and un-managed devices
    • – Admin/operator access security via CAC and TLS certificates

    Framework and Protocol Support

    • – RADIUS, RADIUS Dynamic Authorization, TACACS+, web authentication, SAML v2.0
    • – RadSec (TLS encoded RADIUS)
    • – 802.1X-2010, 802.1X-2020
    • – TEAP (Tunneled EAP)
    • – EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
    • – PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-PEAPPublic, EAP-PWD)
    • – TTLS (EAP-MSCHAPv2, EAP-GTC, EAP- TLS, EAP-MD5, PAP, CHAP)
    • – EAP-TLS
    • – PAP, CHAP, MSCHAPv1, MSCHAPv2, EAP-MD5
    • – OAuth2
    • – WPA3
    • – Windows machine authentication
    • – SMB v2/v3
    • – Online Certificate Status Protocol (OCSP)
    • – SNMP generic MIB, SNMP private MIB
    • – Common Event Format (CEF), Log Event Extended Format (LEEF), and RFC5424

    Supported Identity Stores

    • – Microsoft Active Directory
    • – RADIUS
    • – Any LDAP compliant directory
    • – MySQL, Microsoft SQL, PostGRES and Oracle 11g ODBC-compliant SQL server
    • – Token servers
    • – Built-in SQL store, static hosts list
    • – Kerberos
    • – Microsoft Azure Active Directory
    • – Google G Suite

    RFC Standards

    2246, 2248, 2407, 2408, 2409, 2548, 2759, 2865, 2866, 2869, 2882, 3079, 3579, 3580, 3748, 3779, 4017, 4137, 4301, 4302, 4303, 4308, 4346, 4514, 4518, 4809, 4849, 4851, 4945, 5176, 5216, 5246, 5280, 5281, 5282, 5424, 5755, 5759, 6614, 6818, 6960, 7030, 7170, 7296, 7321, 7468, 7748, 7815, 8031, 8032, 8247, 8446, 8709, 8894, 8908


    Internet Drafts

    Protected EAP Versions 0 and 1, Microsoft CHAP extensions, dynamic provisioning using EAP-FAST.


    Profiling Methods

    • – Active: Nmap, WMI, SSH, SNMP
    • – Passive: MAC OUI, DHCP, TCP, Netflow v5/v10, IPFIX, sFLOW, ‘SPAN’ Port, HTTP User-Agent, IF-MAP
    • – HPE Aruba Networking ClearPass Device Insight
    • – Integrated & 3rd Party: Onboard, OnGuard, HPE Aruba Networking OS, EMM/MDM, Cisco device sensor

    IPv6 Support

    • – RADIUS and RadSec
    • – TACACS+
    • – Clustering (intra-node communication)
    • – Web and CLI based management
    • – IPv6 addressed authentication & authorization servers
    • – IPv6 accounting proxy
    • – IPv6 addressed endpoint context servers
    • – Syslog, DNS, NTP, IPsec IPv6 targets
    • – IPv6 Virtual IP for high availability
    • – HTTP Proxy
    • – Ingress Event Engine Syslog sources
    • – Onboard, OnGuard

Certifications

  • – FIPS 140-2 level 1 certificate 4473
  • – Common Criteria NDcPPv2.2e
  • – NIAP Common Criteria NDcPPv2.1+AUTHSVR 1.0 VID 11324
  • – Pv6 Ready (including USGv6 r-1)

C1000 Appliance (JZ508A)

C2020 Appliance (R1V83A)

C3010 Appliance (R1V82A)

N3000 Appliance (S3N66A)

N3001 Appliance (S3N65A)

Appliance

Specifications

Hardware model

Unicom S-1200 R4

HPE DL360 Gen10

HPE DL360 Gen10

HPE DL325 Gen11

HPE DL325 Gen11

CPU

(1) Atom 2.4GHz C2758 with Eight Cores (8 Threads)

(1) Xeon 2.3 GHz Gold 5118 with 12 Cores (12 Threads)

(1) Xeon 2.3GHz Gold 5118 with Twelve Cores (24 Threads)

AMD EPYC 9124 with 16 cores (32 Threads)

AMD EPYC 9124 with 16 cores (32 Threads)

Memory

8 GB

16 GB

64 GB

128 GB

128 GB

Hard drive storage

(1) SATA (7.3K RPM) 1TB hard drive

(2) SATA (7.2K RPM) 1TB hard drives, RAID-1 controller

(6) SAS (10K RPM) 600GB Hot-Plug hard drives RAID-10 controller

(3) SSD (960GB SATA) RAID-5 controller

(3) SSD (960GB SATA) RAID-5 controller

Out of band management

N/A

HPE Integrated Light-Out (iLO) Advanced

HPE Integrated Lights-Out (iLO) Advanced

HPE Integrated Lights-Out (iLO) Advanced

HPE Integrated Lights-Out (iLO) Advanced

Network interfaces

4 x 1GbE

4 x 1GbE

4 x 1GbE

4 x 1GbE

4 x 10/25 GbE SPF28

Serial port

Yes (RJ-45)

Yes (DB-9)

Yes (DB-9)

Yes (DB-9)

Yes (DB-9)

Performance and scale

Please refer to the ClearPass Scaling & Ordering Guide

Minimum software version

ClearPass Policy Manager 6.6

ClearPass Policy Manager 6.11

ClearPass Policy Manager 6.7

ClearPass Policy Manager 6.11

ClearPass Policy Manager 6.11

Form Factor

Rackmount

Included

Included

Included

Included

Included

Dimensions (WxHxD)

17.2” x 1.7” x 11.3”

17.1 x 1.7 x 27.8”

17.1 x 1.7 x 27.8”

17.1 x 1.7 x 25.6

17.1 x 1.7 x 25.6

Weight (max config)

8.5 Lbs

Up to 36 Lbs

Up to 36 Lbs

Up to 34.5 Lb

Up to 34.5 Lb

Power

Power supply

200 watts max

HPE 500W Flex Slot Platinum Hot Plug Power Supply

HPE 500W Flex Slot PlatinumHot Plug Power Supply

(2) HPE 1000W Flex Slot Titanium Hot Plug Power Supply

(2) HPE 1000W Flex Slot Titanium Hot Plug Power Supply

Power cord

C13 - NEMA 5-15P US/CA 110V 10Amp Power Cord

C13 - C14 WW 250V 10Amp Jumper Cord

C13 - C14 WW 250V 10Amp Jumper Cord

(2) C13 -C14 WW 250V 10A JumperCord

(2) C13 -C14 WW 250V 10A JumperCord

Power redundancy

N/A

Optional

Optional

Included

Included

AC input voltage

100/240 VAC auto-selecting

AC input frequency

50/60 Hz auto-selecting

Environmental

Operating temperature

5º C to 35º C (41º F to 95º

F)

10° to 35°C (50° to 95°F)

10º C to 35º C (50º F to

95º F)

10° to 35°C (50° to 95° F)

10° to 35°C (50° to 95° F)

Operating vibration

0.25 G at 5 Hz to 200 Hz for 15 minutes

Random vibration at 0.000075 G2/ Hz, 10Hz to 300Hz, (0.15 G’s nominal)

Random vibration at 0.000075 G²/Hz, 10Hz to 300Hz, (0.15 G’s nominal)

Random vibration at 0.000075 G/Hz, 10Hz to 300Hz (0.15 G’s nominal)

Random vibration at 0.000075 G/Hz, 10Hz to 300Hz (0.15 G’s nominal)

Operating shock

1 shock pulse of 20 G for up to 2.5 ms

2 G’s

2 G’s

2 G’s

2 G’s

Operating altitude

-16 m to 3,048 m (-50 ft to 10,000 ft)

3,050 m (10,000 ft)

3,050 m (10,000 ft)

3,050 m (10,000 ft)

3,050 m (10,000 ft)

  • Summary of Changes

Date

Version History

Action

Description of Change

27-Feb-2026

Version 20

Changed

Rebranding update applied to QuickSpecs

21-Jan-2025

Version 19

Changed

Standard Features section was updated.

16-Dec-2024

Version 18

Changed

Configuration Information section was updated.

14-Oct-2024

Version 17

Changed

Configuration Information section was updated.

03-Jun-2024

Version 16

Changed

Configuration Information section was updated.

06-May-2024

Version 15

Changed

Configuration Information section was updated.

22-Jan-2024

Version 14

Changed

Series name was updated.

10-Jul-2023

Version 13

Changed

Configuration Information section was updated.

03-Apr-2023

Version 12

Changed

Overview, Standard Features, Configuration Information, and Technical Specifications sections were updated.

04-May-2021

Version 11

Changed

Configuration Information section was updated.

06-Jul-2020

Version 10

Changed

Overview, Standard Features, Configuration Information and Technical Specification sections were updated.

New SKU was added.

04-May-2020

Version 9

Changed

Configuration Information section was updated.

12-Mar-2020

Version 8

Changed

Technical Specification section was updated.

18-Nov-2019

Version 7

Changed

Configuration Information, section was updated.

Obsolete SKUs were removed.

05-Aug-2019

Version 6

Changed

SKU added R1V82A

Configuration Information, Related Options and Technical Specification sections were updated.

04-Mar-2018

Version 5

Changed

SKUs added: R1U35AAE, R1U36AAE, R1U37AAE, R1U38AAE, R1U39AAE, R1U40AAE, R1U41AAE, R1U42AAE, R1U43AAE, R1U44AAE, R1U45AAE, R1U46AAE, R1U47AAE, R1U48AAE, R1U49AAE, R1U50AAE, R1U51AAE, R1U52AAE

Overview section updated

18-Dec-2017

Version 4

Changed

Minor edit on Configuration section

04-Dec-2017

Version 3

Changed

SKUs added: JZ508A, JZ509A, JZ510A, JZ399AAE, JX923A

All document sections updated

07-Nov-2016

Version 2

Added

SKUs added: JW771A, JW772A

01-Nov-2016

Version 1

New

New QuickSpecs

© Copyright 2026 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

To learn more, visit: http://www.hpe.com/networking

c05272683, - 15701 - Worldwide - V20 - 27-February-2026

Recommended for you