Welcome to the Policy Manager Deployment Guide

The Policy Manager Deployment Guide is intended to assist field System Engineers, network administrators, customers and partners in deploying Policy Manager. This guide presents the recommended sequence in which Policy Manager deployment should take place, and makes the major deployment tasks as easy as possible to implement.


The Deployment Guide is intended for users who have already installed ClearPass. For information on installation and basic setup tasks, including steps to install and configure Policy Manager hardware and virtual appliances, refer to the ClearPass Installation Guide.

The Policy Manager Deployment Guide includes the following information:

Prepare the Mobility Controller for integration with Policy Manager

Integrate Policy Manager with Microsoft Active Directory

Set up 802.1X wireless authentication with Active Directory

Design and deploy Policy Manager clusters

Integrating the ArubaOS switch with Policy Manager

Integrating the Cisco Switch with Policy Manager

Configure a Mobility Access Switch for 802.1X wired authentication

Prepare Policy Manager for LDAP and SQL authentication

802.1X EAP-PEAP Reference

Intended Audience

The intended audience for the Policy Manager Deployment Guide includes customers, partners, and field System Engineers.

This document is not a training guide, and it is assumed the reader has at minimum foundational training in Policy Manager essentials and, if possible, Aruba Certified Policy Manager Professional (ACCP) certification.

The user of this guide should have a working knowledge of the following:

AAA technologies (RADIUS, TACACS, 802.1X, MAC address authentication, and Web authentication). AAA (Authentication, Authorization, and Accounting) is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. RADIUS (Remote Authentication Dial-In User Service) is an industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. TACACS (Terminal Access Controller Access Control System) is a family of protocols that handles remote authentication and related services for network access control through a centralized server. 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. A MAC (Media Access Control) address is a unique identifier assigned to network interfaces for communications on a network.

Layer-2 and Layer-3 networking

Microsoft Active Directory. The directory server that stores information about a variety of things, such as organizations, sites, systems, users, shares, and other network objects or components. It also provides authentication and authorization mechanisms, and a framework within which related services can be deployed.

Switch technologies: ArubaOS, Cisco switches, Aruba Mobility Access Switch


Providing information about network device configurations and capabilities is outside the scope of this guide. For information on these topics, refer to the documentation provided by the vendor of your network equipment.