Dell PowerConnect W Clearpass 100 Software Trapeze Networks Integration Guide
Dell PowerConnect W Clearpass 100 Software Manual
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerConnect W Clearpass 100 Software manual content summary:
- Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 1
Trapeze Networks Integration Guide Revision 0.9 Date 27 May 2009 Copyright © 2007 amigopod Pty Ltd amigopod Head Office amigopod Pty Ltd Suite 101 349 Pacific Hwy North Sydney, NSW 2060 Australia ABN 74 124 753 420 Web www.amigopod.com Phone +61 2 8669 1140 Fax +61 7 3009 0329 - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 2
Portal service-profile 13 Step 3 - Enable Logout function for wireless users 13 Step 4 - Enable RADIUS Authentication & Accounting 14 profile 15 Step 8 - Save new configuration 15 Testing the Configuration...16 Step 1 - Create a test user account 16 Step 2 - Connect to the amigopod wireless - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 3
access to the network is granted. Captive portal authentication is the simplest form of authentication to use and requires no software installation or configuration on the client. The username/password exchange is encrypted using standard SSL encryption. However, Captive Portal authentication - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 4
that the customer always check for the latest integration guide available from either amigopod or Trapeze. Date Tested: AmigoPod Version: Plugins Required: MSS Version: Integration: May 2009 KernelÆ1.9.6, Radius ServicesÆ 1.9.5 Standard build only 7.0.9.6 HTTP Captive Portal Amigopod was deployed - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 5
Although the MXR-2 MSS supports both internal and external Captive portal functionality, this integration guide will focus on the later and reference external RADIUS servers for the authentication and accounting of visitor accounts. In the standalone Trapeze Guest provisioning solution the local - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 6
assumes that the amigopod software or appliance has been powered up and a basic IP configuration has been applied through the setup wizard to allow the administrator to access the Web User Interface. The following table again reviews the IP Addressing used in the test environment but this would - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 7
required in the first step of the Trapeze configuration. From the RADIUS ServicesÆNetwork Access Servers screen click on the Create button to add a new of the Trapeze Controller, set the NAS Type as Trapeze Networks (RFC 3576 Support) and enter the key of wireless in the Shared Secret field. Click - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 8
Step 2 - Restart RADIUS Services A restart of the RADIUS Service is required for the new NAS configuration to take effect. Click the Restart RADIUS Server button shown below and wait a few moments for the process to complete. CONFIDENTIAL 8 - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 9
Step 3 - Create a Web-Login Page From the RADIUS ServicesÆWeb Logins page select the Trapeze Networks Login entry and Click the Edit button. From the RADIUS Web Login page enter the IP Address of - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 10
the Web Logins page, select the Trapeze Networks Login entry and Click the Test button and in a new window the configured captive portal page will be Note: Make note of the URL presented in the web browser after the Test button has been clicked. This URL will be required in the configuration of - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 11
10.9.4.50 10.9.4.1 10.9.4.8 Auth 1812 Acc 1813 (default settings) Below is the configuration snippet of the basic IP configuration that is assumed for the test lab environment: set ip dns domain amigopod.com set ip dns enable set ip route default 10.9.4.1 1 set ip dns server 10.9.4.1 PRIMARY set - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 12
Step 1 - Create RADIUS Definition for amigopod From the Trapeze CLI ensure you are in enable mode by checking the # suffix on the hostname as shown below: mxr-2# Enter the following two set commands to create firstly a RADIUS server definition for amigopod including the IP address and shared secret - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 13
service definition for our Captive Portal test environment: set service-profile captive-portal ssid-name amigopod set service-profile captive-portal ssid-type clear set service a Logout pop-up window to allow the user to manually terminate their captive portal session. The session is either ended - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 14
from the enable prompt: set authentication web ssid amigopod ** radius set accounting web ssid amigopod ** start-stop radius Please note if you are to be also permitted to the IP address of the amigopod. In our test environment the amigopod IP address is 10.9.4.8 as shown in the summary diagram. - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 15
to display the login page. Based on the URL, presented in the last section, enter the following set command to configure the redirect process: set service-profile captive-portal web-portal-form http://10.9.4.8/weblogin.php/6 Step 7 - Apply new SSID to radio profile In order for the new SSID to be - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 16
and the amigopod solution is complete, the following steps can be followed to verify the setup. Step 1 - Create a test user account Within the amigopod RADIUS Server a test user account can be created using the amigopod Guest Manager. From the Guest Manager menu, select the Create New Guest - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 17
2 - Connect to the amigopod wireless network Using a test laptop with a compatible 802.11 based wireless card attempt visible from the test laptop, double check the configuration of the Trapeze Controller and potentially source a second wireless test device to see if the problem is laptop specific. - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 18
show sessions 1 session total User Name SessID AP/Radio - web-portal-amigopod 4 Type Address VLAN - 10.9.4.12 default 1/2 mxr-2# As you can see above, the test laptop IP address of 10.9.4.12 is currently under the control of amigopod based Web-Portal process. CONFIDENTIAL 18 - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 19
and redirect the user to the amigopod hosted login page as shown below: Enter the test user details entered and recorded in Step 1 above and click the Login button. At this point the test user should be successfully authenticated and allowed to transit through the controller and onto the Internet - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 20
and now able to browse the Internet, an entry should appear in the RADIUS logs confirming the positive authentication of the test user - in this example, cam. Select the RADIUS ServicesÆServer Control menu option and the screen displayed will show the status of the RADIUS server and a tail of the - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 21
rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = rlm_sql_postgresql: query: SELECT radgroupcheck.id, radgroupcheck.GroupName, radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup WHERE usergroup.Username = 'cam' AND usergroup. - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 22
Step 7 - Check User Experience After successful login the user web browser should be displayed with a holding page informing them that they are about to be redirected to their original requested page (in our example www.amigopod.com) and also the Logout pop-up box should be displayed as shown below: - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 23
amigopod configuration section earlier, we have already defined the Trapeze NAS definition to be RFC3576 Support compatible and therefore no further configuration of the amigopod is required. Note: RADIUS accounting must be enabled as per Step 4 in the Trapeze Configuration section earlier to ensure - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 24
reference to amigopod is the SSID and the second reference is to the amigopod RADIUS server definition. Please modify these to suit your deployment. Step 3 - Test Disconnect of authenticated user Now that all of the required Dynamic Authorisation configuration is complete, we can perform a quick - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 25
we can also see the entry for the authenticated wireless user: To disconnect the wireless user, click on the top Active Session entry for your test user (depicted by the coloured wireless icon in the left hand column) and click the Disconnect button below. Now returning to the Trapeze CLI, if - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 26
an extensive RADIUS dictionary of vendors and includes the full list of supported VSAs from Trapeze. For more details on the definition and use of amigopod are honored by the Trapeze MX. Test Setup The following screenshot from the amigopod RADIUS Services Æ Users Roles shows how several RADIUS - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 27
of the RADIUS attributes sent as part of the RADIUS Accept message, the Interim accounting details were received each 60 seconds and the session was terminated successfully after 180 seconds. From the test client perspective, even though they originally requested www.google.com as their initial web - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 28
Detailed RADIUS Debug rad_recv: Access-Request packet from host 10.9.4.50:20000, id=14, length=117 User-Name = "cam" Calling-Station-Id = "00-40-96-A1-F3-99" Called-Station-Id = "00-0B-0E-90-B8-83:amigopod" NAS-Port = 13 NAS-Port-Type = Wireless-802.11 NAS-IP-Address = 10.9.4.50 NAS-Identifier = " - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 29
Reply-Message = "Guest" Trapeze-URL = "http://www.amigopod.com" Filter-Id = "post-auth.in" Acct-Interim-Interval = 60 Session-Timeout = 180 rad_recv: Accounting-Request packet from host 10.9.4.50:20000, id=15, length=211 Acct-Status-Type = Start Acct-Authentic = RADIUS Acct-Multi-Session-Id = "SESS - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 30
IS NULL rlm_sql_postgresql: Status: PGRES_COMMAND_OK rlm_sql_postgresql: affected rows = 1 rlm_sql (sql): Released sql socket id: 4 Sending Accounting-Response of id 16 to 10.9.4.50 port 20000 rad_recv: Accounting-Request packet from host 10.9.4.50:20000, id=17, length=241 Acct-Status-Type = Interim - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 31
IS NULL rlm_sql_postgresql: Status: PGRES_COMMAND_OK rlm_sql_postgresql: affected rows = 1 rlm_sql (sql): Released sql socket id: 3 Sending Accounting-Response of id 17 to 10.9.4.50 port 20000 rad_recv: Accounting-Request packet from host 10.9.4.50:20000, id=18, length=241 Acct-Status-Type = Stop - Dell PowerConnect W Clearpass 100 Software | Trapeze Networks Integration Guide - Page 32
-67c56c' AND UserName='cam' ??AND NASIPAddress='10.9.4.50' AND AcctStopTime IS NULL rlm_sql_postgresql: Status: PGRES_COMMAND_OK rlm_sql_postgresql: affected rows = 1 rlm_sql (sql): Released sql socket id: 2 Sending Accounting-Response of id 18 to 10.9.4.50 port 20000 CONFIDENTIAL 32
Trapeze Networks
Integration Guide
Revision
Date
0.9
27 May 2009
Copyright © 2007 amigopod Pty Ltd
amigopod Head Office
amigopod Pty Ltd
Suite 101
349 Pacific Hwy
North Sydney, NSW 2060
Australia
ABN 74 124 753 420
Web
www.amigopod.com
Phone
+61 2 8669 1140
Fax
+61 7 3009 0329