Express shipping to
Contact Us
Track Order
Search
Popular Search
Inquiry
Shopping Cart
Login

Coupon
Quote now,
save up to 8%.

Inquiry
Contact

Feedback
Your Feedback
How would you Rate us?
Ease of use:
Buying feedback:
Product details:
FAQ banner
Get the Help and Supports!

This help center can answer your questions about customer services, products tech support, network issues.
Select a topic to get started.

ICT Tech Savings Week
2025 MEGA SALE | In-Stock & Budget-Friendly for Every Project
Shop Now

Aruba ClearPass Licensing Guide: Access, Onboard, and OnGuard Explained

Selene Gong

Deploying a Network Access Control (NAC) platform like Aruba ClearPass is often driven by security audits, zero-trust initiatives, or large-scale BYOD adoption. However, many IT teams discover that ClearPass licensing—not configuration—is the real blocker during planning and procurement. This Aruba ClearPass Licensing Guide focuses on how licenses actually work in production environments, how to size them correctly, and how to avoid common cost and compliance risks.

Rather than listing SKUs, this guide explains ClearPass licensing from a decision-making perspective: what to buy, why it is required, and how licensing impacts scalability, renewals, and long-term operations.


Table of Contents


Part 1: Aruba ClearPass Licensing Overview

Aruba ClearPass licensing is modular by design. Instead of a single “all-in-one” license, ClearPass uses a layered model that separates the platform, core access control capabilities, and advanced add-on features. This structure allows organizations to align licensing with actual network usage rather than overpaying for unused functionality.

Since Aruba ClearPass 6.7, legacy enterprise licenses have been phased out in favor of Access, Entry, and add-on modules. Understanding this shift is critical when deploying new ClearPass servers or upgrading existing environments.


Part 2: ClearPass License Types Explained

ClearPass deployments typically involve three licensing layers.

  • Platform License: Required for every physical or virtual ClearPass server. Without it, no ClearPass services can run.
  • Base Application Licenses: Define core NAC functionality and are available as Entry or Access.
  • Add-on Licenses: Extend ClearPass into specialized use cases such as BYOD onboarding or device posture checks.

The Access license is the most commonly deployed option in enterprise environments because it enables full policy enforcement, profiling, and third-party integrations. Entry licenses are suitable for smaller deployments that only require basic 802.1X authentication.

Add-on licenses include:

  • Onboard: Certificate-based BYOD onboarding
  • OnGuard: Endpoint posture and compliance checks
  • Guest: Self-service and sponsored guest access

Part 3: Subscription vs Perpetual Licensing Models

Aruba ClearPass supports both subscription-based and perpetual licenses, and the choice has direct budget and lifecycle implications.

  • Perpetual Licensing: One-time purchase with optional support renewals. Often more cost-effective for stable, long-term deployments.
  • Subscription Licensing: Available in 1-, 3-, or 5-year terms. Lower upfront cost and aligned with OpEx-focused budgeting.

For environments with predictable growth and long hardware lifecycles, perpetual licenses usually provide better long-term value. Subscription licenses are often preferred for short-term projects, pilot environments, or rapidly changing infrastructures.


Part 4: ClearPass Licensing Sizing and Scaling

A common sizing mistake is licensing based on users instead of devices. In modern networks, employees often authenticate multiple endpoints.

A practical sizing baseline is the 2.5 device-per-user rule. For example, 3,000 employees typically generate around 7,500–8,000 active endpoints.

ClearPass appliances are available in different capacity tiers, such as 500, 5K, and 25K. Licenses are pooled at the cluster level, allowing Subscriber nodes to share capacity from the Publisher.

For redundancy, most enterprise deployments use at least two ClearPass servers. This not only improves availability but also protects license availability during maintenance or hardware failure.


Part 5: Upgrade, Renewal, and Migration Considerations

Licensing behavior changes during upgrades, especially when migrating from older ClearPass versions.

  • Platform and Access licenses are generally reusable across virtual machines.
  • Entry licenses can be upgraded to Access by purchasing an upgrade SKU.
  • Licenses are consumed based on concurrent active sessions, not total registered devices.

For Onboard, license consumption is based on active certificates per user, not per device. One user with multiple devices consumes only a single Onboard license.


Part 6: Cost and Risk Mitigation Strategies

Under-licensing ClearPass can result in denied network access during peak usage. Always include a buffer above estimated concurrency.

Larger license packs are typically more cost-effective than multiple small packs. Planning ahead reduces both cost and administrative overhead.

When ClearPass is deployed alongside switching or wireless refresh projects, procurement teams often consolidate sourcing to reduce compatibility and lifecycle risks. In such scenarios, global suppliers like Router-switch can support multi-region hardware availability, licensing alignment, and post-deployment technical assistance, especially for mixed Aruba environments.


Part 7: Aruba ClearPass Licensing FAQ

Q1.What happens if a ClearPass session does not disconnect properly?

ClearPass performs periodic session checks. If a disconnect is not detected, the license is automatically returned to the pool 24 hours after the last recorded activity.

Q2.Can Entry licenses be upgraded to Access licenses?

Yes. Entry licenses can be upgraded by purchasing the appropriate upgrade SKU and paying the price difference.

Q3.Does ClearPass Onboard replace an existing PKI?

No. Onboard works with existing PKI infrastructure to automate certificate issuance and lifecycle management for user devices.

Q4.Are ClearPass licenses tied to specific hardware?

Licenses are tied to the ClearPass server instance but can typically be migrated during hardware refreshes or virtualization changes, subject to Aruba licensing policies.


Conclusion

Aruba ClearPass licensing is not just a procurement task—it is a design decision that affects scalability, user experience, and security posture. By understanding how Platform, Access, and add-on licenses interact, IT teams can avoid overbuying, prevent access disruptions, and build a ClearPass deployment that scales with real network demand.

Expert

Expertise Builds Trust

20+ Years • 200+ Countries • 21500+ Customers/Projects
CCIE · JNCIE · NSE7 · ACDX · HPE Master ASE · Dell Server/AI Expert

Categories: Brand Aruba
Tags: Network Access Control  Aruba ClearPass Licensing Guide  ClearPass Access License  ClearPass Onboard  ClearPass OnGuard  Aruba NAC 
Was this article helpful? 19 out 22 found this helpful
Categories
Tags
Enterprise Networking Cisco Catalyst 9300 Cisco Catalyst Catalyst 9300 IT procurement network security PoE Network Deployment network troubleshooting StackWise Cisco Meraki IOS XE VLAN enterprise network Video Surveillance password recovery Network Administration Catalyst 9200 PoE switches Cisco 9300
Log in
Register