Networking
1837390 Members
3155 Online
110116 Solutions
New Article
NetworkExperts

Implement cloud NAC functionalities by HPE Aruba Networking Central NAC subscription

The article outlines HPE Aruba Networking Central NAC’s features, use cases, and business value—highlighting what’s included for free and what requires a subscription.

Implement advanced cloud NAC functionalities with HPE Aruba Networking Central NAC subscription—Available globally now

HPE202402252137_800_0_72_RGB.jpg

During Discover 2025, we announced our plans to expand cloud NAC capabilities—and now, just three months later, we’re excited to share that HPE Aruba Networking Central NAC is officially available to all HPE Aruba Networking Central customers. With this addition to HPE Aruba Networking Central, our customers can simplify complex network security policy management, leverage cloud scalability, decrease operational overhead and significantly reduce the training and turnaround time required to skill IT professionals on the platform. HPE Aruba Networking Central customers can leverage this robust, cloud-native NAC solution without any additional cost—to implement core NAC functionalities. Customer seeking to implement advanced or pro NAC functionalities need to buy an additional license—NAC subscription.

HPE Aruba Networking Central NAC is a cloud-delivered NAC solution engineered to solve network security challenges of modern organizations. It provides organization-wide secure and seamless access for users and devices through centralized authentication and authorization. As a cloud-native platform, HPE Aruba Networking Central NAC offers quantifiable business benefits, including:

  • Ease of use: A highly intuitive interface supporting rapid onboarding and straightforward policy management, reducing time to value and lowering the learning curve for the IT teams.
  • Robust security: HPE Aruba Networking Central NAC is developed by the team behind HPE Aruba Networking ClearPass, bringing proven security capabilities to the cloud.
  • Cloud scalability: Organizations can effortlessly scale NAC controls to support a growing and geographically distributed workforce, without infrastructure bottlenecks.
  • Reduced operational expense: Cloud delivery minimizes hardware needs and reduces ongoing management overhead, driving down operational expenditures.

HPE Aruba Networking Central NAC supports our vision of security-first, AI-native networking; we believe security should be built-in and not bolted-on. Built into HPE Aruba Networking Central, HPE Aruba Networking Central NAC seamlessly works with other features set of the platform to enable IT team to deploy a zero-trust network access at no additional cost and admin expertise in NAC, so that our customers can realize the full security potential of the platform.

As mentioned earlier, HPE Aruba Networking Central NAC is available to all HPE Aruba Networking Central customers without any additional cost—enabling IT teams to implement core NAC functionalities such as authentication, authorization, visitor access, and captive portal customization. Customer seeking to deploy advanced or pro NAC functionalities, such as support for BYOC, third-party NAD support, support for multiple IdPs, and more context-driven policies need to buy additional licenses—NAC subscription.

HPE Aruba Networking Central NAC (core) feature set (included in the HPE Aruba Networking Central Foundation/Advanced license)

  • Authentication: Supports EAP-TLS, MAC Auth, MPSK, and Captive Portal authentication
  • IdPs: Supports: Google Workspace, Microsoft Entra ID, and Okta Workforce
  • Visitor and guest access controls: Built-in functionality for visitor management and captive portals customization
  • User Role-based access control: Provides context-based access to network

HPE Aruba Networking Central NAC (pro) feature set (add-on subscription license is required per active client)

  • Includes all the features of HPE Aruba Networking Central NAC (core)
  • Multi-IdP: Enables organizations to use multiple IdPs simultaneously
  • Bring Your Own Certificate (BYOC): Allows customers to authenticate using their own certificates
    1. Administrators can choose which certificates to apply on a per-network basis. For example, they might use HPE provided    certificates on one network and their own on another or opt to use their existing certificates across all networks.
    2. Unlike many other solutions, HPE gives you the option to validate certificates in real time using Online Certificate Status Protocol (OCSP). This means no more manual updates or relying solely on expiration dates to determine certificate validity.
  • Third-party NAD support: HPE Aruba Networking Central NAC (pro) supports third-party network access devices (NADs) through an HPE Aruba Networking gateway appliance. In this setup, the third-party NAD communicates with the gateway using Remote Authentication Dial-In User Service (RADIUS), which is then securely encapsulated in RadSec to protect the transmission over the internet to HPE Aruba Networking Central.
    1. Upon receiving the request, HPE Aruba Networking Central NAC responds with the appropriate VLAN assignment, helping ensure the endpoint is correctly placed within the network. The system intelligently tracks the type of NAD in use, and when dynamic authorization is required—such as a Change of Authorization (CoA) or Disconnect Message—the correct message is automatically sent to the corresponding NAD. This process reinforces the robustness of your zero-trust network by ensuring precise and secure policy enforcement.
  • Granular authentication and authorization: HPE Aruba Networking Central NAC (pro) enables the IT teams to implement fine-grained security control through highly customizable policy rules. These rules can incorporate diverse identity sources and align them with certificate attributes, site locations, network types, and more—an expanding list of criteria. The resulting policy decision is ultimately returned as the User Role or VLAN ID, which is then enforced by the NAD.

A few use cases for day 1 operation

  • Retail chains: Securely onboard thousands of IoT devices and staff across distributed stores with minimal IT intervention
  • Healthcare: Enforce strict access policies for medical devices and staff while enabling seamless guest access for patients
  • Education: Support bring your own device (BYOD) for students and faculty while maintaining compliance and visibility

Leverage HPE Aruba Networking Central AI capabilities

The best part of delivering our new cloud NAC through HPE Aruba Networking Central is seamless integration with i) HPE Aruba Networking Central Client Insights—for AI-powered device profiling and visibility, and getting security context from third-party UEMs, and ii) HPE Aruba Networking Central Policy Manager: For orchestrating security policies on HPE Aruba Networking NADs.

Designed with proven NAC expertise

HPE Aruba Networking Central NAC is built upon a decade of experience from building and running HPE Aruba Networking ClearPass and incorporating feedback from enterprise customers. The result is a modern, cloud-delivered NAC solution that reduces complexity and operational overhead while providing robust, adaptable access control for today’s hybrid, device-diverse enterprise environments.

Organizations seeking to modernize network access control—while decreasing complexity, improving security posture, and reducing costs—will find HPE Aruba Networking Central NAC a comprehensive and future-ready solution.

Learn more at

hpe.com/psnow/doc/a00125615enw

Meet the author:

Bryan Lechner

Product Manager—ClearPass, Central NAC, SSE

linkedin.com/in/bryan-lechner-55344810/

About the Author

NetworkExperts