Dell PowerConnect W Clearpass 100 Software 3.9 Deployment Guide
Dell PowerConnect W Clearpass 100 Software Manual
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerConnect W Clearpass 100 Software manual content summary:
- Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 1
ClearPass Guest 3.9 Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 2
products include Open Source software code developed by third parties, including software code subject to the Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS. Altering this - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 3
Chapter 3 ClearPass Guest 19 About this Manual 19 Documentation Conventions 19 Documentation Overview 20 Getting Support 21 Field Help ...21 Quick Help ... 30 Network Provisioning 30 Site Preparation Checklist 31 Setup Guide 33 Hardware Appliance Setup 33 Default Network Configuration 33 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 4
Onboard Deployment Checklist 49 Onboard Feature List 51 Supported Platforms 51 Public Key Infrastructure for Onboard 52 Authority 74 Using Microsoft Active Directory Certificate Services 74 Installing a Certificate Authority's Certificate 89 4| ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 5
Instructions 103 Configuring an iOS Device VPN Connection 104 Configuring an iOS Device Email Account 106 Configuring an iOS Device Passcode Policy 108 Resetting Onboard Certificates and Configuration 110 Advanced: Device Authentication During Provisioning 110 Onboard Troubleshooting - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 6
1X Authentication and Certificate Management 146 Specifying Supported EAP Types 147 Creating a Server Certificate Active Directory Domain Services 157 Joining an Active Directory Domain 158 Testing Active Directory User Servers........171 Testing External Authentication Servers 174 Testing a - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 7
LDAP URL Syntax 193 Viewing the LDAP Server List 193 LDAP Operator Server Troubleshooting 194 Testing Connectivity 194 Testing Operator Login Authentication 194 Looking Up Sponsor Names 195 Troubleshooting Error Messages 195 LDAP Translation Rules 196 Custom LDAP Translation Processing 198 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 8
Sponsor Confirmation for Role Selection 262 Editing Download and Print Actions for Guest Receipt 267 Self-Service Portal Properties 268 Resetting Passwords with the Self-Service Portal 270 Accounts Form 277 Create Access Code Guest Accounts 278 8| ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 9
Gateways 302 Sending an SMS 304 About SMS Credits 305 About SMS Guest Account Receipts 305 SMS Receipt Options 306 Customize SMS Receipt 308 SMS Receipt Fields 309 SMTP Services 310 Configuring SMTP Services 310 About Email Receipts 310 Email Receipt Options 312 SMTP Receipt Fields 314 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 10
Created by Duplicating an Existing Report 353 Report Troubleshooting 355 Report Preview with Debugging 355 Troubleshooting Tips 356 Administrator Tasks 357 Accessing Administrator 357 368 Login Access Control 369 Network Diagnostic Tools 370 10 | ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 11
Proxy Configuration 375 SNMP Configuration 375 Supported MIBs 377 SMTP Configuration 378 SSL Content Manager 387 Uploading Content 388 Downloading Content 389 Additional Content Actions 389 Notifications ...391 OS Updates ...392 Manual Operating System Updates 392 Reviewing the Guide | 11 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 12
Portal Integration 417 Look and Feel 417 SMS Services 417 Hotspot Plans ...417 Modifying an Existing Plan Hotspot User Interface 424 High Availability Services 425 Accessing High Availability 425 About 438 Destroying a Cluster 438 Cluster Troubleshooting 439 Reference 441 Basic HTML Syntax - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 13
447 nwa_icontext 447 nwa_quotejs 448 nwa_radius_query 448 Advanced Developer Reference 450 nwa_assign 450 nwa_bling 450 nwa_makeid 451 Standard Fields 461 Hotspot Standard Fields 469 SMS Services Standard Fields 470 SMTP Services Standard Fields 470 Format Picture String Symbols 472 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 14
RADIUS Server Internal Attributes 501 LDAP Standard Attributes for User Class 501 Regular Expressions 501 Chapter 13 Glossary 503 Index ...507 14 | ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 15
Figure 41 Figure 42 Figure 43 Figure 44 ClearPass Guest 3.9 | Deployment Guide Visitor access using ClearPass Guest 23 Reference network diagram for visitor access 24 Modify fields ...288 RADIUS Role Editor 291 Configure SMS Services Plugin 307 Customize SMS Receipt page 309 Customize Email - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 16
addressing for a GRE tunnel 366 Data Retention Policy page 405 Guest self-provisioning 415 Network architecture of high availability cluster 426 16 | ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 17
Operators supported in filters 212 Operators supported in filters 215 Account Expiration Types 227 Visitor Management Forms and Views 228 Operators supported in filters 281 Operators supported in 445 Navigation Tags 451 Date and Time Formats 455 ClearPass Guest 3.9 | Deployment Guide | 17 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 18
461 GuestManager Standard Fields 462 Hotspot Standard Fields 469 SMS Services Standard Fields 470 SMPT Services Standard Fields 471 Picture String Symbols 472 Picture String Example Settings 498 Regular Expressions for Pattern Matching 502 18 | ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 19
which can pose problems for network security receipt with account details or they can be delivered wirelessly using the integrated SMS services. Companies partners. About this Manual This deployment guide is intended for system software. ClearPass Guest 3.9 | Deployment Guide ClearPass Guest | 19 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 20
3576 Dynamic Authorization" "SMS Services" "SMTP Services" "Administrator Tasks" A brief outline of this deployment guide includes: Chapter 2, explains how to create new reports to summarize visitor account information and network usage accounting data. Chapter 9, "Administrator Tasks" describes - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 21
services that may be used to deploy a cluster of appliances in a fault-tolerant configuration. Chapter 12, "Reference" contains technical reference information about many of the built-in features of the appliance. Getting Support of this deployment guide. Searching Help The deployment guide may be - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 22
in this Deployment Guide. If you cannot find an answer here, the next step is to contact your reseller. The reseller can usually provide you with the answer or obtain a solution to your problem. If you still need information, refer to the Web Resources command available under Support Services in the - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 23
you to become familiar with the terminology used in this guide and understand how ClearPass Guest can be successfully integrated into network is restricted, visitors must first obtain a username and password. A guest account may be provisioned by a corporate operator such as a receptionist, who can - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 24
the key interactions between ClearPass Guest and the people and other components involved in providing guest access. See Figure 3. 24 | Management Overview ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 25
and reported in summary form to ClearPass Guest using RADIUS accounting, which allows administrators to generate network usage reports. AAA Framework AAA framework, which consists of authentication, authorization, and accounting components. The following figure shows how the different components - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 26
the NAS [3], [4] using the login name and password of their guest account. The NAS authenticates the user with the RADIUS protocol [5]. ClearPass details about the user's session to the ClearPass Guest server using RADIUS accounting messages [8]. After the user's session times out [9], the NAS - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 27
reference to the relevant section of this deployment guide. Table 2 List of Key features Feature Refer to... Visitor Access RADIUS server providing authentication, authorization, and accounting (AAA) "RADIUS Services" features Support for 802.1X authentication "EAP and 802.1X Authentication - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 28
service (Web service) Perform a security audit of the system Synchronize server time automatically with NTP Syslog support SNMP support "Business Logic for Account Creation" "Account Expiration Types" "Account " "SNMP Configuration" 28 | Management Overview ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 29
Dictionary" Documentation Overview Visitor Management Terminology The following tables describes the common terms used in this guide. See Table 3. Table 3 Common Terms Term Accounting Authentication Authorization Captive Portal Field Form Netw ork Access Server Ope rator Profile Ope rator/Operator - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 30
traffic on the network to differentiate quality of service for guest accounts and non-guest accounts? What will be the password format for guest accounts? Will you be changing this format on a infrastructure - SSL certificate 30 | Management Overview ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 31
Checklist Policy Decision Security Policy Segregated guest accounts? Type of network access? Time of day ? Operational Concerns Who will manage guest accounts? Guest account self provisioning? What privileges will the Policy Password format for guest accounts? Shared secret format? Operator - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 32
32 | Management Overview ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 33
Guest in a virtual machine, See "Setting Up the Virtual Appliance" in this chapter. Hardware Appliance Setup Refer to the Hardware Setup Guide sheet included in the box with the appliance for detailed installation information for the chassis and rack assembly. Default Network Configuration The AMG - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 34
from the files in the virtual appliance directory. In version 3.5 of VMware ESXi, the management console is called VMware Infrastructure Client. In this software, use the File > Virtual Appliance > Import command to create a new virtual machine from the files in the virtual appliance directory. 34 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 35
no parity, and 1 stop bit. Flow control is not required. Both hardware and virtual appliances support command-line access directly at the console, and remotely via SSH. The following table summarizes the methods the initial setup wizard. ClearPass Guest 3.9 | Deployment Guide Setup Guide | 35 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 36
services Restarts major system services. 3 Reinitialize database Destroys the entire configuration of the appliance and resets to the factory default state. All guest accounts, operator logins, RADIUS accounting down and powers off the appliance. 36 | Setup Guide ClearPass Guest 3.9 | Deployment - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 37
new SSL certificate. Initial Configuraton Using the Setup Wizard When you first log in to the appliance using the graphical user interface, you will be guided through an initial configuration process, which is explained in more detail below. Logging In To start the setup wizard: Enter the default - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 38
support.arubanetworks.com. Setting the Administrator Password After you review and accept the software license agreement, you will be prompted to set the password for the administrator account. This account has full access to all settings and areas in the graphical user interface. 38 | Setup Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 39
you may choose to change the Operator Username of the administrative account. Changing the username of the administrator account does not change the username for logging in to the console user Administrator > Network Setup > System Hostname. ClearPass Guest 3.9 | Deployment Guide Setup Guide | 39 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 40
Setup > Network Interfaces. The results of an automated network diagnostic test are displayed at the top of the page. For more details about may be configured for automatic settings using DHCP or BOOTP, or can be manually configured for an IP address. When you choose one of these settings from - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 41
URL, as shown in the field help. For details on HTTP proxy settings, See "Automatic Network Diagnostics" in the Administrator Tasks chapter. ClearPass Guest 3.9 | Deployment Guide Setup Guide | 41 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 42
you have completed the fields on this form, click the Send Test Message button to send an email to a test email address. The test email is in the selected format, and is used to verify 1. Go to Administrator > Network Setup > SNMP Configuration. 42 | Setup Guide ClearPass Guest 3.9 | Deployment - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 43
the SNMP configuration. Configuring Server Time and Time Zone To ensure that authentication, authorization and accounting (AAA) is performed correctly, it is vital that the server maintains the correct time of traffic for the time server. ClearPass Guest 3.9 | Deployment Guide Setup Guide | 43 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 44
type, click Skip to Network Access Server List to continue with setup. To configure the default Network Access Services (NAS) vendor type: 1. In the NAS Type drop-down list, if your deployment uses only one to make changes to existing NAS devices. 44 | Setup Guide ClearPass Guest 3.9 | Deployment - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 45
NAS entry, see "Creating a Network Access Server Entry" in the RADIUS Services chapter. 3. Click Create NAS Device. To define additional NAS entries for and software appliances are shipped with a restricted default license. This default license permits each guest account to Guide Setup Guide | 45 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 46
Updates If you have entered any subscription IDs, the software checks for available software updates and new plugins that are part of your as a license plugin, custom skin, or new software modules, as well as any available updates to the software that was on your application when it was shipped. - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 47
what you need. Simply click the Finish button to download and install the selected plugins. Setup Completion After downloading and installing the available plugin updates, the setup opens a the relevant section of this deployment guide in a new browser window. ClearPass Guest 3.9 | Deployment - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 48
are managed by operators using the Guest Manager component of the software. See "Guest Management" chapter for more details on setting up visitor account provisioning. RADIUS Services is for system administrator use, and provides fine-grained control over the AAA functions of the application - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 49
wireless endpoints. Provisioning of unique device credentials for BYOD and IT-managed devices. Support for Windows, Mac OS X, iOS and Android devices. Enables the revocation of unique See "Network Setup"in the Administrator Tasks chapter ClearPass Guest 3.9 | Deployment Guide Onboard | 49 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 50
which device types should be supported. See "Configuring Provisioning User Interface for Device Provisioning" Testing and Verification Test device provisioning. Verify that join the provisioned network and is authenticated successfully. Test device revocation. Revoke a device's certificate. - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 51
network access Support for Windows, Supports SCEP enrollment of certificates user's device. Supports CRL generation to list revoked certificates Supports Supported Platforms The platforms supported Supported by ClearPass Onboard Platform Example Devices Version Required for Onboard Support - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 52
Example Devices Version Required for Onboard Support Notes Apple Mac OS X MacBook X 10.5 "Leopard" Android 2.2 (or higher) 2 Windows XP with Service Pack 2 2 Windows Vista with Service Pack 2 Windows 7 Note 1: Uses the "Over-the-air provisioning" method ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 53
the device and the user that provisioned the device. You do not need to manually create the profile signing certificate; it is created when it is needed. See traditional user-based authentication - disabling a user's account would impact all devices using those credentials. ClearPass Guest 3.9 | - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 54
an enterprise network. Personal (PSK) networks do not support this capability. Revoking Credentials to Prevent Network Access Revoking the configuration profile containing the settings for the provisioned network, instruct the device to forget the provisioned network settings, or | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 55
support EAP-TLS and PEAP-MSCHAPv2 authentication methods. The provisioned network must support configure a single SSID to support both provisioned and non- dual SSIDs to support provisioned devices Network Onboard supports the Online URL of an OCSP service to your network equipment. This URL can - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 56
configured to use HTTP. Configuring a Certificate Revocation List (CRL) for the Provisioned Network Onboard supports generating a Certificate Revocation List (CRL) that lists the serial numbers of certificates that have are also shown. 56 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 57
10.7 and later) and iOS devices use the "over-the-air" provisioning method. b. Other supported platforms use the "Onboard provisioning" method. 3. Once provisioned, client devices use a secure authentication method and authentication server. ClearPass Guest 3.9 | Deployment Guide Onboard | 57 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 58
types for the ClearPass Guest RADIUS server. ClearPass Policy Manager supports a rich policy definition framework. If you have complex policies to enforce, multiple authentication or authorization sources that define user accounts, or you need features beyond those available in the ClearPass Guest - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 59
-TLS client certificate. A sequence diagram showing the interactions between each component of this workflow is shown in Figure 11 on page 60. ClearPass Guest 3.9 | Deployment Guide Onboard | 59 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 60
it with network settings. Figure 12 on page 61 shows a sequence diagram that explains the steps involved in this workflow. 60 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 61
network identity during EAP-TLS authentication. Devices Supporting Onboard Provisioning ClearPass Onboard supports secure device provisioning for Microsoft Windows XP (service pack 2 and later), Microsoft Windows Vista is shown in Figure 13. ClearPass Guest 3.9 | Deployment Guide Onboard | 61 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 62
of the device. 2. Provisioning. The device provisioning page detects the device type and downloads or starts the QuickConnect app. The app authenticates the user and then provisions their device using PEAP-MSCHAPv2 unique device credentials. 62 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 63
device type: a. For Android devices, the link is to a file containing the Onboard configuration settings; downloading this file will launch the QuickConnect app on the device. b. For Windows and Mac, the link the steps involved in this workflow. ClearPass Guest 3.9 | Deployment Guide Onboard | 63 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 64
the content or formatting of this page. Customizing the properties of the device provisioning profile for iOS and OS X devices. 64 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 65
rest of this form, see "Creating a Web Login Page" in the RADIUS Services chapter. The Onboard-specific settings required for a device provisioning page are described below: the internal network. Please follow the instructions listed below: ClearPass Guest 3.9 | Deployment Guide Onboard | 65 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 66
device provisioning, navigate to Administrator > Network Setup > ClearPass, or click the ClearPass command link. The Manage ClearPass Servers form opens. 66 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 67
have "Super Administrator" privileges. Note: Onboard requires only the ability to create guest user accounts, Onboard accounts, and endpoint records. No other configuration changes are made using these credentials. The second part of the form specifies options for ClearPass Profiler. ClearPass - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 68
logged in. When client registers a guest account - Device information is sent to Profiler when a guest selfregistration form is completed and a guest account is created or updated. When client submits "Setting Up the Certificate Authority") 68 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 69
used internally to identify this certificate authority for the network administrator. These values are never displayed to the user during device provisioning. ClearPass Guest 3.9 | Deployment Guide Onboard | 69 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 70
reissuing certificates, it is recommended that you configure the certificate authority before any device provisioning or other configuration is done. 70 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 71
will be included in the root and signing certificates, and provides a way for users of the certificate authority to contact your organization. ClearPass Guest 3.9 | Deployment Guide Onboard | 71 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 72
reissuing certificates, it is recommended that you configure the certificate authority before any device provisioning or other configuration is done. 72 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 73
or performed device provisioning using the existing intermediate CA certificate, these certificates will be invalidated when changing the intermediate CA's private key. ClearPass Guest 3.9 | Deployment Guide Onboard | 73 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 74
another application to obtain a certificate. You can click the Download the current CSR link to download the certificate signing request as a file. Use this option Using Microsoft Active Directory Certificate Services Navigate to the Microsoft Active Directory Certificate Services Web page. This page - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 75
Click the Request a Certificate link on this page. The Request a Certificate page is displayed. Click the link to submit an advanced certificate request. The Submit a Certificate Request or Renewal Request page is displayed. ClearPass Guest 3.9 | Deployment Guide Onboard | 75 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 76
chain link. A file containing the intermediate certificate and the issuing certificates in the trust chain will be downloaded. Refer to the instructions in "Installing a Certificate Authority's Certificate" for information on uploading this certificate file. 76 | Onboard ClearPass Guest - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 77
PRIVATE KEY" and "END RSA PRIVATE KEY" lines. Upload certificate file - Step 2 and Step 3 are displayed on the CA Certificate Import form. ClearPass Guest 3.9 | Deployment Guide Onboard | 77 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 78
certificate with an updated validity period. Use this option to maintain the validity of all certificates issued by the CA. 78 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 79
Certificate and Delete Request actions in the Certificate Management list view. This is useful for testing and initial deployment. The default data retention policy specifies the values: Minimum Period of to issue client and server certificates. ClearPass Guest 3.9 | Deployment Guide Onboard | 79 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 80
certificate authority, and the extended key usage property will contain the three values "Client Auth", "Server Auth" and "OCSP Signing". 80 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 81
the specified values. Table 14 on page 82 explains the fields that may be included as part of the subject alternative name. ClearPass Guest 3.9 | Deployment Guide Onboard | 81 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 82
14 Subject Alternative Name Fields Supported When Creating a TLS Client Product string identifying the device and often including the hardware version information. Software version number for the device. Username of the user who provisioned the 82 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 83
Table 15 Types of Certificate Supported by Onboard Certificate Management Certificate Type "Type" Column Notes Root certificate ca Self-signed to close the certificate properties. Export certificate - Displays the Export Certificate form. ClearPass Guest 3.9 | Deployment Guide Onboard | 83 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 84
in which the certificate should be exported. The following formats are supported: PKCS#7 Certificates (.p7b) - Exports the certificate, and or other symbol characters. Click the Export Certificate button to download the certificate file in the selected format. Revoke certificate Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 85
of the certificate request. Click the Cancel button to close the certificate request properties. Export request - Displays the Export Certificate Request form. ClearPass Guest 3.9 | Deployment Guide Onboard | 85 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 86
the certificate signing request should be exported. The following formats are supported: PKCS#10 Certificate Request (.p10) - Exports the the Export Certificate button. Click the Export Request button to download the certificate signing request file in the selected format. 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 87
Format If you have a certificate signing request in text format, click the Copy and paste certificate signing request as text radio button. ClearPass Guest 3.9 | Deployment Guide Onboard | 87 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 88
File Alternatively, if you have the certificate signing request as a file, click the Upload certificate signing request file radio button. 88 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 89
basic device provisioning settings, go to Onboard > Provisioning Settings, or click the Provisioning Settings command link. The Device Provisioning Settings page opens. ClearPass Guest 3.9 | Deployment Guide Onboard | 89 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 90
the certificates issued to devices when they are provisioned Which operating systems should be supported Authorization properties - the number of devices that a user may provision Configuring Basic for certificates issued to devices. 90 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 91
the following: The current time, plus the maximum validity period. The expiration time of the user account for whom the device certificate is being issued. The "not valid after" time is then increased that is feasible for your organization. ClearPass Guest 3.9 | Deployment Guide Onboard | 91 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 92
mdpsProductName (.6) Product Version String containing the software version number for the device. mdpsProductVersion in the client certificate. Certificate revocation checking must be configured manually on the authentication server. This is the default option. Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 93
details about this process. Use the Display Name and Profile Description text fields to control the user interface displayed during device provisioning. ClearPass Guest 3.9 | Deployment Guide Onboard | 93 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 94
The fourth part of the Device Provisioning Settings form is used to specify provisioning settings related to Onboard-capable devices. 94 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 95
in the "Address" text field. Use this option when special DNS or NAT conditions apply to devices that are in a provisioning role. ClearPass Guest 3.9 | Deployment Guide Onboard | 95 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 96
to "No, do not validate this web server's certificate" only during testing, or if you are waiting for a commercial SSL certificate. Configuring User be used to provide additional resources to users who encounter trouble in provisioning their devices. Note: Ensure that users in 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 97
that will be provisioned to devices. Note: Some devices do not support all possible combinations of network settings. If you make a selection that information and instructions to users after the network is configured. See "Configuring Post-Installation Instructions". Note: Guide Onboard | 97 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 98
settings take effect. Click the Cancel button to discard your changes and return to the main Onboard configuration user interface. 98 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 99
your network infrastructure. The Legacy OS X EAP option supports only PEAP with MSCHAPv2. The Windows EAP option supports only PEAP with MSCHAPv2. These best practices are recommended when and the authentication server using key materials. ClearPass Guest 3.9 | Deployment Guide Onboard | 99 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 100
the main Onboard configuration user interface. Configuring Mutual Authentication Settings Click the Trust tab to display the Enterprise Trust form. 100 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 101
. Click the Next button to continue to the Windows tab. Click the Save Changes button to make the new network configuration settings ClearPass Guest 3.9 | Deployment Guide Onboard | 101 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 102
of health provided by the NAP client. To enable NAP for Microsoft Windows clients, mark the Enable NAP services check box on this tab. You will also need to mark the Enable Quarantine Checks check box on the to display the Proxy Settings form. 102 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 103
server will be configured. Manual - A proxy server will be configured, if the device supports it. Specify the proxy will configure its own proxy server, if the device supports it. Specify the location of a proxy auto-config Configuring Post-Installation Instructions Click the Post Install - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 104
text field can be used to provide more information or instructions to an iOS or OS X user immediately after device provisioning has completed. For settings can only be used with iOS 4 and iOS 5 devices. Other platforms are not supported. 104 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 105
used as the identity certificate for VPN connections. This option requires configuring your VPN server to allow IPSec authentication using a client certificate. ClearPass Guest 3.9 | Deployment Guide Onboard | 105 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 106
No proxy server will be configured with this VPN profile. Manual - A proxy server will be configured with this VPN profile. This page is used to automatically configure an email account on the iOS device. Use this option when supported. 106 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 107
account provisioning. The Account Name text field specifies the name for this email account. Account Name field. For example, use "ACME Sprockets Mail". In the Account Settings group, choose one of the following options from the Account . Shared preset values - testing only. This option provides a - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 108
allowing a user to access sensitive information remotely. NOTE: Onboard Passcode Policy settings can only be used with iOS 4 and iOS 5 devices. Other platforms are not supported. 108 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 109
's security requirements. Click the Save Changes button to save the passcode policy settings and return to the main Onboard configuration user interface. ClearPass Guest 3.9 | Deployment Guide Onboard | 109 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 110
default configuration for Onboard. These options are useful while trialing the Onboard workflow with a set of test devices. Select one of the following options in the Reset Type drop-down list: Delete all are listed in Table 17 on page 111. 110 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 111
Identifier (32) NAS-Port (5) NAS-Port-Type (61) Service-Type (6) Event-Timestamp (55) Mdps-Device-Name1 (19) and often including the hardware version information. Software version number for the device. Unique device identifier normal. Onboard Troubleshooting If you encounter a problem that is not - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 112
certificate. This is not recommended for production deployments as it increases the complexity of deployment for users with iOS devices. 112 | Onboard ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 113
accounting information about each guest session. This allows you to generate reports about guest network usage. Accessing RADIUS Services To access RADIUS Services: From the Home page, click the RADIUS Services chronological order. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 113 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 114
your browser. This can greatly assist in troubleshooting the exact cause of an authentication, authorization or accounting (AAA) problem. Normally, the RADIUS server runs in . The RADIUS Failed Authentications list is displayed. 114 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 115
's most recent active session, hover over the text . Stale - The user has an active accounting session, but no updates have been received recently; the session might be "stale." To view the The RADIUS Server Configuration form opens. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 115 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 116
a production environment. If you do enable it for troubleshooting, remember to disable it when you are through. Logging interim accounting updates is optional, and is disabled by default. You Server Options" in the Reference chapter. 116 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 117
Some NAS equipment (notably Chillispot) will send a NAS-IP-Address of 0.0.0.0 in accounting records, which renders the active sessions list view useless as well as any attempt to that define when those attributes should be applied. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 117 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 118
is identified by a unique number. The ID is shown in the list view. When creating visitor accounts, the role_id field should contain the ID of one of the user roles defined in the RADIUS form opens. Figure 16 RADIUS Role Editor page 118 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 119
the Attribute field. Additional vendors and attributes may be defined in the RADIUS Dictionary. See "Dictionary" for more information in this chapter. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 119 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 120
functions are available for use in attribute conditions. See "Standard RADIUS Request Functions" in the Reference chapter for detailed documentation about these functions. 120 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 121
can also be made based on the accounting records available to the RADIUS server. In this example, users will be authorized only if their total traffic in the past day does not exceed 10 MB. 1. Create a new role named Sample role. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 121 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 122
RADIUS Debugger feature, See "Debug RADIUS Server" in this chapter to diagnose any problems with your code in value expressions. Several predefined functions and variables are available for - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 123
the form, mark the Enabled check box. The form expands to include options for the role override, expiration, and device limit settings. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 123 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 124
3. Complete the Role Override, Expiration, Device Limit, account Limit, and Limit Action fields with the appropriate information, then click Save Changes. Network Access for this server and to make changes to existing NAS devices. 124 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 125
3576 support) Aruba Networks Bluesocket Chillispot (RFC 3576 support) Cisco Cisco (RFC 3576 support) Colubris/HP Consentry Networks Enterasys Extreme Networks Extricom Infoblox Juniper Networks Meraki Meru Networks ClearPass Guest 3.9 | Deployment Guide RADIUS Services - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 126
vendor is not listed, select the "Other NAS" option. If the NAS is known to support RFC 3576, select the "RFC 3576 Dynamic Authorization Extensions Compatible" option. See "RFC 3576 Dynamic detection is not suitable for your data. 126 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 127
of the import operation is displayed. The properties of each NAS are determined, and any conflicts with existing NAS entries are displayed ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 127 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 128
recognized. See "Server Control" in this chapter for more information. Web Logins Many NAS devices support Web-based authentication for visitors. When you use ClearPass Guest to define a Web login page, guests using a Web login page. 128 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 129
Logins. Click Create a new Web login page to create a Web login page for your guests. There are seven sections to this form. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 129 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 130
hostname or IP address only) must be entered in the Address field as no other entries are supported. When the Dynamic Address check box is selected, the NAS login can be performed using the , enable the Dynamic Address check box. 130 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 131
's password is automatically provided for the login attempt. Anonymous-This option supports two special usernames: _mac and underscore (_). When Anonymous is selected, two of the user regardless of where the account is defined. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 131 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 132
supported password encryption methods. When Local - Match local account is selected, user accounts defined in Guest Manager will be permitted; user accounts defined in external authentication services is an important part of the URL. 132 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 133
for the time specified in the Login Delay. The sixth section allows you to specify access controls for the Web login page. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 133 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 134
The NAS may supply additional parameters when redirecting the user to the Web login page. These are supported and will be passed back to the NAS along with the variables that are defined as part .88.88/weblogin.php/4?wlan=clearpass-guest 134 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 135
variable to remember the NAS parameters when redirecting the user to a different page that does not include the parameters in the URL. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 135 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 136
Web browser based authentication, this solution enables fully customized Web login experience to be developed and presented through the ClearPass Guest portal options. Some examples of use cases for the user to their configured home page. 136 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 137
OS X Lion (10.7) laptop, iPad and an iPhone. Figure 18 Captive Network Assistant on MacOS X Figure 19 Captive Network Assistant on iPad \ ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 137 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 138
Guest Web Login pages, testing of the recommended Captive Portal assumed that the Captive Network Assistant only supports HTTP. This recommended approach of using download from the following location: http://www.arubanetworks.com/vrd/ 138 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 139
machine will no longer initiate the Captive Network Assistant and the user can launch their local browser manually as desired. Now that the devices are able to open the local browser, any subsequent attempt on the Aruba controller. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 139 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 140
on the NAS server. The ClearPass Guest RADIUS server uses a database to store the user accounts for authentication and other settings for the server. You can set up as many databases as that you leave the default configuration unmodified. 140 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 141
this tree view to define a new vendor, create a new vendor-specific attribute, or modify the list of values available for a particular attribute. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 141 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 142
located under the More Options tab. These text files can be created by you or you can download them from a manufacturer who is not in the standard list. Export Dictionary You are able to attribute values in the dictionary will be lost. 142 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 143
vendor's attributes and values can be exp orted as a text file in RADIUS dictionary format by clicking the Export Vendor icon link. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 143 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 144
Certain vendors in the dictionary have support for larger attribute values. If you want the attribute to appear in the active session views and on RADIUS accounting reports, check the Visible in Active the Edit Attribute icon link. 144 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 145
added to an attribute by clicking the attribute in the RADIUS dictionary list view and then clicking the Add Value icon link. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 145 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 146
port-based network access control for both wired and wireless networks. ClearPass Guest supports EAP and 802.1X authentication. This authentication method requires EAP messages to be certificate management for the RADIUS server. 146 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 147
to configure OCSP options, see "Specifying Supported EAP Types". To create a server certificate a server certificate, see "Exporting Server Certificates". Specifying Supported EAP Types To enable the EAP-TLS, EAP-TTLS, the EAP types the RADIUS server will support and designate the default EAP type: - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 148
response. 4. If you selected EAP-TLS as one of the supported types, use the EAP-TLS Configuration area to configure status If you chose the manual option for certificate checks, in the OCSP Responder row, enter the URL of the service to be used to Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 149
and server certificates are installed on the RADIUS server. The CA root certificate is then downloaded for distribution to clients who will use this RADIUS server for authentication. To create a the Continue button to proceed to Step 2. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 149 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 150
, click the Create Server Certificate command link, then click the Request a certificate from another certificate authority link. The Server Certificate Request page opens. 150 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 151
Complete the details for the certificate, and click the Download Request button to save the certificate signing request. This signing request should be the Import Server Certificate command link. The Import Server Certificate form opens. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 151 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 152
this option to download the root certificate for the certificate authority. PEAP Sample Configuration To enable the common case of PEAPv0/MS-CHAPv2 (broadly supported by all wireless a Server Certificate" in this chapter for details. 152 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 153
the default PKCS#7 container format. 6. Click the Download File button and a file named Guest Certificate Authority.p7b will be downloaded (the precise name depends on the common name for using the Export Server Certificate form: ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 153 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 154
Open. The Certificate Information dialog opens. 3. Click the Install Certificate button. The Certificate Import Wizard opens. 4. Click Next. The Certificate Store form opens. 154 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 155
5. Click the Browse button to select the Trusted Root Certification Authorities store. 6. Click OK, and then click Next. The last page of the Certificate Import Wizard is displayed. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 155 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 156
specified as a Trusted Root Certification Authority for the wireless network connection that is using PEAP. Click Yes to confirm and accept the certificate. 156 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 157
Servers (EAS). To view the current domain information, join or leave a domain, or perform authentication tests for user accounts in the domain, use the Active Directory Services command link on the RADIUS > Authentication page. The Domain Summary table shows the current domain settings - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 158
page. The Join Active Directory Domain form is displayed, and includes troubleshooting tips. When the server's DNS and network settings are correctly configured, all the necessary domain-related information is automatically detected. 158 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 159
requires entering the username and password for a domain administrator account. Click the Join Domain button to complete the process. Once the domain has been joined, the status is available on the Active Directory Services page. Testing Active Directory User Authentication To verify that the domain - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 160
account. To provide the domain credentials that will be used when authenticating via LDAP, click the Configure Active Directory authentication link on the RADIUS > Active Directory Services are required to perform this operation. 160 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 161
by the domain controller. Both user and machine accounts may be authenticated. Additionally, support is provided for authenticating users with a supplied accounts are authenticated through EAPTLS, and the authorization method can be configured. ClearPass Guest 3.9 | Deployment Guide RADIUS Services - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 162
. When this is necessary, a link is displayed at the top of the page. The Test Authentication option for a server may be used to check the connection to an authentication server, row expands to include the Edit Authentication Server form. 162 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 163
and authenticated by the domain controller. Both user and machine accounts may be authenticated. Additionally, support is provided for authenticating users with a supplied username of either authenticate users against the directory. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 163 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 164
example, DC=example,DC=com) in order to authenticate both user and machine accounts. Advanced Options - additional options controlling authentication against the directory. The following advanced "Remote Access Permission" setting. 164 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 165
To authorize all users in Active Directory, regardless of the individual user account settings for remote access permission, use the following settings: access_attr = number of seconds to wait for the LDAP query to finish. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 165 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 166
the "ldap." prefix. Configuring an LDAP EAS For LDAP external authentication servers, the following fields are displayed in the Edit Authentication Server form. 166 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 167
secure connection - this option, when it is supported by the LDAP server, allows a standard LDAP connection on port 389 to be upgraded to a connection supporting TLS. Use TLS to connect securely used to bind to the directory. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 167 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 168
For information about additional LDAP configuration options, including enabling Novell eDirectory support, see "LDAP Module Configuration" in the Reference chapter. The against the proxy server. No advanced options are currently defined. 168 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 169
Use the common name of the certificate to match a local user account Assign a fixed user role (Contractor, Employee, or Guest) Use on testing a Local Certificate Authority authentication server, see "Testing External Authentication ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 169 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 170
authentication attempt. Use the common name of the client certificate to match a local user account may be specified for users authenticated via EAP-TLS on a client's local certificate server. authorization steps are both successful. 170 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 171
expiration time for the account). Each server's authorization method can be configured. The authorization methods available vary according to the type of authentication server: No authorization - Authenticate only may be used to provide a basic user authentication service. The RADIUS server will - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 172
common name of the client certificate to match a local user account may be specified for users authenticated via EAP-TLS on a the diagnostic, navigate to RADIUS Services > Server Control and click the Test RADIUS Authentication command link. Enter Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 173
the available properties of the user account, as well as taking into account other factors such as the ID. To determine the appropriate role ID, navigate to RADIUS Services > User Roles and check the ID column for the appropriate to RADIUS Services > User Roles and check the ID column - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 174
rules, or account status or permitted limits-mark the Show detailed authorization info check box in the Advanced row. 3. Click the Run Test button. A progress bar is shown during the test, and results are displayed below the Test Authentication form. 174 | RADIUS Services ClearPass Guest - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 175
simulate EAP-TLS authentication with a client certificate. 1. To specify the network layer to test against, mark the radio button in the Mode row for either the local RADIUS server the Certificate Authority row to browse to the file. ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 175 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 176
for the network settings, outer authentication, and inner authentication, click the Run Test button. Managing Certificates for External Authentication Servers Use the Certificates command link on be established, the connection will fail. 176 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 177
information about the certificate. Export Certificate - download the certificate in one of several different formats Certificate form to specify a certificate file to upload. The supported formats for digital certificates are: Binary X.509 certificate | Deployment Guide RADIUS Services | 177 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 178
178 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 179
allow you to create guest accounts as well as print reports. What your profile permits is determined by the network administrator. Two types of operator logins are supported: local operators and operators is shown in the following table. ClearPass Guest 3.9 | Deployment Guide Operator Logins | 179 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 180
Some of the settings in an operator profile may be overridden in a specific operator's account settings. These customized settings will take precedence over the default values defined in the operator are described in more detail below. 180 | Operator Logins ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 181
in to the application. 3. In the Privileges area, use the drop-down lists to select the appropriate permissions for this operator profile. ClearPass Guest 3.9 | Deployment Guide Operator Logins | 181 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 182
User Roles list allows you to specify which user databases and roles the operator will be able to access. 182 | Operator Logins ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 183
is useful in large deployments where an operator only wants to have a filtered view of some accounts. To create an account filter, enter a comma-delimited list of field-value pairs. Supported operators are described below. The Session Filter field lets you create a filter for only that session - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 184
search, and may include the following operators: Table 19 Operators supported in filters Operator Meaning Additional Information = is equal to != example, specifying the filter "role_id=2|3, custom_field=Value" restricts the user accounts displayed to those with role IDs 2 and 3 (Guest and Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 185
row, to specify that an operator profile should use a different form when creating a new visitor account, select the Override the application's forms and views check box. The form expands to show the the creation of an operator profile. ClearPass Guest 3.9 | Deployment Guide Operator Logins | 185 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 186
accounts Creating multiple guest accounts Creating new guest accounts Editing multiple guest accounts Exporting guest account data Full user control of guest accounts Importing guest accounts Listing guest accounts setting. 186 | Operator Logins ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 187
Local Operator Authentication Local operators are those defined in ClearPass Guest. Creating a New Operator After you create a profile, you can create an operator to use that profile. ClearPass Guest 3.9 | Deployment Guide Operator Logins | 187 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 188
operators to only have a filtered view of some accounts. To create an account filter, enter a comma-delimited list of field-value pairs. Supported operators are described below. The Session Filter field List All Operator Logins command. 188 | Operator Logins ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 189
, description, and actions for each Show Usage-adds a list of the number of logins and operator servers currently using the selected profile ClearPass Guest 3.9 | Deployment Guide Operator Logins | 189 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 190
using LDAP. Only authentication is supported. Manage LDAP Servers ClearPass Guest supports a flexible authentication mechanism that server is queried for the attributes associated with the user account. These LDAP attributes are then translated to operator attributes Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 191
about the types of LDAP URL you may specify. Select the Enabled option if you want this server to authenticate operator logins. ClearPass Guest 3.9 | Deployment Guide Operator Logins | 191 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 192
IP address of the RADIUS server. Port Number: The port number of the RADIUS authentication service. Shared Secret: The shared secret for the RADIUS server. Authentication Method: The authentication that this plugin is available. 192 | Operator Logins ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 193
your settings by clicking the Test Settings button. Use the Test Username and Test Password fields to supply a Server Troubleshooting" in this chapter for information about common error messages and troubleshooting steps to diagnose the problem. Click 3.9 | Deployment Guide Operator Logins | 193 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 194
Troubleshooting You can use the LDAP Operator Servers list to troubleshoot network connectivity, operator authentication, and to look up operator usernames. Testing Connectivity To test the test appear below the server entry in the LDAP server table. Testing Operator Login Authentication 1. To test - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 195
a server name in the LDAP Server table, then click the Test Lookup link. The Test Operator Lookup area is added to the LDAP servers list. 2. Account is disabled Account has expired User must reset password User account is locked Other items to consider when troubleshooting LDAP connection problems - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 196
not equal - case-insensitive string comparison, matches on inequality less than - numerical value is less than the match value 196 | Operator Logins ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 197
configured translation rules. Translation rules are processed in order, until a matching rule is found that does not have the Fallthrough field set. ClearPass Guest 3.9 | Deployment Guide Operator Logins | 197 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 198
chapter. These may be used to make programmatic decisions based on the LDAP attribute values available at login time. 198 | Operator Logins ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 199
operator will be enabled. If neither condition has matched, the "enabled" field will be set to 0 and login will not be permitted. ClearPass Guest 3.9 | Deployment Guide Operator Logins | 199 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 200
web demo de ClearPass Guest, necesitas un nombre y contraseña. Si no tienes un login, puedes obtener uno 200 | Operator Logins ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 201
- the most secure form of password; this is the default and recommended setting. A minimum password length of at least 8 characters is recommended. ClearPass Guest 3.9 | Deployment Guide Operator Logins | 201 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 202
use fractional numbers for values less than an hour; for example, use 0.25 to specify a 15 minute idle timeout. 202 | Operator Logins ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 203
Guest. Guest Manager provides complete control over the user account creation process. Using the built-in customization editor you can access - either by your operators provisioning guest accounts, or by the guests self-provisioning their own accounts. Both of these processes are described in the - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 204
operator The operator creates the guest accounts and generates a receipt for the account. The guest logs on to but there is no need for an operator to create the account or to print the receipt. See Figure 25. Figure an account can browse to the guest self- 204 | Guest Management - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 205
the guest creates a new account. At the conclusion of the registration process, the guest is automatically redirected to the NAS to log in. The guest can print or download a receipt, or have the for this form are described below. ClearPass Guest 3.9 | Deployment Guide Guest Management | 205 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 206
the Terms of Use check box in order to create the visitor account. Click the Create Account button after completing the form. Creating a Guest Account Receipt Once a guest account has been created, the details for that account are displayed. 206 | Guest Management ClearPass Guest 3.9 | Deployment - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 207
Sending SMS receipts requires the SMS Services plugin. If the administrator has enabled automatic SMS, and the visitor's phone number was typed into the New Visitor Account form, an SMS message will be for this form are described below. ClearPass Guest 3.9 | Deployment Guide Guest Management | 207 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 208
the Print dialog box will be displayed. To download a copy of the receipt information in CSV format, click the Save list for scratch cards (CSV file) link. The fields available in the CSV file are: Number - the sequential number of the visitor account, starting at one Username - the username for - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 209
Accounts form to include the Password field. To include the Password field on the Create Multiple Guest Accounts Accounts form and their descriptions. At Create Multiple Guest Accounts form (create_multi) the password field on the Create Multiple Guest Accounts form, you may change the number in - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 210
used by all the accounts. 4. Complete the other fields with the appropriate information, then click Create Accounts. The Finished Creating Guest Accounts view opens. The password and other account details are displayed for each account. 210 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 211
that have been created. The value in the Expiration column is colored red if the account will expire within the next 24 hours. The expiration time is additionally highlighted in boldface if the account will expire within the next hour. ClearPass Guest 3.9 | Deployment Guide Guest Management | 211 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 212
Table 24 Operators supported in filters Operator =Value" restricts the accounts displayed to those with account. Use the Create tab to create new visitor accounts using the New Visitor Account form. See "Creating a Guest Account accounts and the ability to customize the view. Click a user account - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 213
Enable Account button to set the new activation time for the guest account. A new account receipt is then displayed, which allows you to print a receipt showing the updated account details. Edit - Changes the properties of a guest account. ClearPass Guest 3.9 | Deployment Guide Guest Management - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 214
recover a forgotten or lost guest account password, use the Reset password link. Managing Multiple Guest Accounts Use the Edit Accounts list view to work with multiple guest accounts. This view may be accessed view are described below. 214 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 215
include the following operators: Table 25 Operators supported in filters Operator Meaning Additional Information = the filter "role_id=2|3, custom_field=Value" restricts the accounts displayed to those with role IDs 2 and select guest accounts, click the accounts you want to work with. You - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 216
be automatically selected after you have made changes to one or more guest accounts. You can create new guest account receipts or download the updated guest account information. See "Creating Multiple Guest Account Receipts" in this chapter for more information. The More Options tab includes the - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 217
2 of 3, ClearPass Guest determines the format of the uploaded account data and matches the appropriate fields are m to the data. The first few records in the data will be displayed, together with any automatically detected field names. ClearPass Guest 3.9 | Deployment Guide Guest Management | 217 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 218
automatically detected in the data: Use the Match Fields form to identify which guest account fields are present in the imported data. You can also specify the values to from that column when importing guest accounts, or select one of the other available options to use a fixed value for each imported - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 219
import process. The selected items will be created or updated. You can then print new guest account receipts or download a list of the guest accounts. See "Creating Multiple Guest Account Receipts" in this chapter for more information. ClearPass Guest 3.9 | Deployment Guide Guest Management | 219 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 220
list of all guest accounts in comma-separated values account Username - Username for the guest account Role - Role for the guest account Activation - Date and time at which the guest account name as the guest account field. An example XML account own temporary visitor accounts. Visitor surveys - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 221
advertising. Default Settings for Account Creation The Guest Manager plugin configuration holds the default settings for account creation. These settings can - The default method used to generate random account usernames (when creating groups of accounts). This may be overridden by using the - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 222
Password Complexity - The policy to enforce when guests change their account passwords using the guest self-service user interface. Different levels of password complexity can require guests to by the random words password generator. 222 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 223
Account Retention - Deleted user accounts are available for reporting purposes. The default value is 1 year after the user account is 0. If you want to view deleted accounts in a list view or report, add Options - Default values for relative account expiration times. These options are displayed as - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 224
Logging - By default, the passwords for created guest accounts are logged in the application log and may be recovered from there. For increased security, you may prevent this password from being logged by unselecting this check box. 224 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 225
drop-down list of print templates and a Print link that must be clicked to display the account receipt: About Guest Network Access - Allows the text displayed to operators on the Guest Manager and random_username_length fields). ClearPass Guest 3.9 | Deployment Guide Guest Management | 225 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 226
the visitor account and the visitor account and may account is not created. simultaneous_use account account account account will be activated. If modify_schedule_time is "none", then the account then the visitor account's activation time visitor account's visitor account has no activation - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 227
"do_expire" Meaning 0 Account will not expire 1 Disable 2 Disable and logout 3 Delete 4 Delete and logout "Disable" indicates that the enabled field will be set to 0, which will prevent further authorizations using this account. ClearPass Guest 3.9 | Deployment Guide Guest Management - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 228
active sessions that have a username matching the account username. This option requires the NAS to support RFC 3576 dynamic authorization. See "RFC 3576 Expiration Create Multiple Create Account Edit Account Export Accounts Edit Multiple Accounts Edit Multiple Accounts Print Receipt Editable? Yes - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 229
for areas of interest to your organization. You are able to define custom fields for your guest accounts as well as edit the existing fields. In addition you can delete and duplicate fields. For that have a lock symbol cannot be deleted. ClearPass Guest 3.9 | Deployment Guide Guest Management | 229 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 230
Editor" in this chapter for a description of the view display fields, including the Column Type and Column Format fields. 230 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 231
that field. If the field is used on multiple forms, you are able to select which form you would like to view. ClearPass Guest 3.9 | Deployment Guide Guest Management | 231 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 232
value is used. You can customize the page title, header HTML, and footer HTML for many forms and views (for example, Create Guest Account, Edit Guest Accounts, and others). When these options are available, the Page Properties area is included on the Edit Properties form. 232 | Guest Management - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 233
to remove the copy. A duplicated item cannot be removed if it is referenced by an operator login account or an operator profile. Editing Forms To add a new field to a form, reorder the fields, or opens the Customize Form Fields editor. ClearPass Guest 3.9 | Deployment Guide Guest Management | 233 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 234
top of the list view to see what the form looks like. This preview form can be submitted to test the field validation rules you have defined. If all fields are able to be validated, the form submit interface characteristics of a field. 234 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 235
the recommended validator for this field (NwaCaptchaIsValid), the security code must be matched or the form submit will fail with an error. ClearPass Guest 3.9 | Deployment Guide Guest Management | 235 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 236
. This user interface type submits an array of values containing the option key values of each selected check box. 236 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 237
not specified. When using these options, you may also specify the desired number of columns or rows to adjust the layout appropriately. ClearPass Guest 3.9 | Deployment Guide Guest Management | 237 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 238
a date/time picker, you should validate the field value to ensure it is a date. Certain guest account fields, such as expire_time and schedule_time, require a date/time value to be provided as a UNIX time value only a single item in it. 238 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 239
uploads cannot be stored in a custom field. This user interface type requires special form implementation support and is not recommended for use in custom fields. Hidden field - If Hidden Field Value option in the form field editor. ClearPass Guest 3.9 | Deployment Guide Guest Management | 239 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 240
options list. When the form is submitted, the key of the selected value becomes the value of the field. 240 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 241
. If the Hide when no options are selectable check box is selected, the field will be hidden if its value is blank. ClearPass Guest 3.9 | Deployment Guide Guest Management | 241 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 242
when no options are selectable check box is selected, the field will be hidden if its value is blank. 242 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 243
conventions, you should ensure that the submit button has the highest rank number and is displayed at the bottom of the form. ClearPass Guest 3.9 | Deployment Guide Guest Management | 243 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 244
value for the field. A short text label may be placed after the text box using the Label After option. 244 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 245
supplied for an optional field is subject to validation checks. All values supplied for a required field are always validated, including blank values. ClearPass Guest 3.9 | Deployment Guide Guest Management | 245 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 246
value as the argument to the validator. The Validator Argument is used to provide further instructions to the selected validator. Not all validators require an argument; a validator such as IsValidEmail code: array ( 0 => 1, 1 => 100, ) 246 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 247
. Example 3 - To create a form field that validates U.S. social security numbers using a regular expression, use the following settings in the form field editor: ClearPass Guest 3.9 | Deployment Guide Guest Management | 247 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 248
this option is recommended for hidden fields, particularly those related to security, such as role ID or expiration date. 248 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 249
or all characters, choose Guest must supply field from the drop-down list. For example, a bulk account creation might use random usernames, and each visitor's entry in that field would not need to match in form field processing . ClearPass Guest 3.9 | Deployment Guide Guest Management | 249 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 250
consider a form field displayed as a date/time picker, such as the expire_time field used to specify an account expiration time on the create_user form. The user interface is displayed as a text field, but the value the form processing. 250 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 251
; statements and other code should not be included as this will cause a syntax error when the form is displayed in a Web browser. ClearPass Guest 3.9 | Deployment Guide Guest Management | 251 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 252
would use the code sample_field.value. Most user interface elements support the value property to retrieve the current value. For check field has been selected. For example, the default create_user form has an Account Expiry drop-down list. One of the values in this list is special Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 253
and lowercase letters the same. Sortable numeric - The column displays a numeric value, and may be sorted by clicking on the column heading. ClearPass Guest 3.9 | Deployment Guide Guest Management | 253 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 254
validation rules can be defined with the custom form editor. Specific details about the type of visitor accounts created are also set here. The receipt page also includes a form, although typically this form will guests back to the NAS. 254 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 255
After submitting the registration form [3], the guest account is created and the receipt page is displayed [4] with the details of the guest account. If NAS login is enabled, submitting the Customize Guest Registration form is displayed. ClearPass Guest 3.9 | Deployment Guide Guest Management | 255 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 256
in the Guest Self-Registration list, then click Edit. 3. The Customize Guest Registration workflow page appears, as shown below 256 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 257
self-registration. The Basic Properties window has configurable settings such as Name, Description, enabling guest-self registration, Register Page, Parent, and Authentication. ClearPass Guest 3.9 | Deployment Guide Guest Management | 257 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 258
to require an operator to log in with their credentials before they can create a new guest account, select the Require operator credentials prior to registering guest check box. The sponsor's operator profile section of this form. 258 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 259
31 on page 257. 3. Click the Register Page link, or one of the Title, Header, or Footer fields for the Register Page. ClearPass Guest 3.9 | Deployment Guide Guest Management | 259 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 260
24 by default; this sets the default expiration time for a self-registered visitor account to be 1 day after it was created. The role_id field is by default; this sets the default role for a self- registered visitor account to the built-in Guest role. The auto_update_account field is set by - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 261
, Header or Footer fields for the Receipt Page to edit the properties of the receipt page. This page is shown to guests after their visitor account has been created. Click the Save Changes button to return to the process diagram for self-registration. ClearPass Guest 3.9 | Deployment - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 262
You can allow the sponsor to choose the role for the user account at the time the sponsor approves the selfregistered account. To enable role selection by the sponsor: 1. Go to Customization of the diagram, click the Actions link. 262 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 263
of the form, mark the Enabled check box for Require sponsor confirmation prior to enabling the account. The form expands to let you configure this option. 4. In the Authentication row, mark to preview the Guest Registration login page. ClearPass Guest 3.9 | Deployment Guide Guest Management | 263 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 264
In the Account Role drop-down list, the sponsor chooses the role for the guest, then clicks the Confirm button. Editing Download and Print Actions for Guest Receipt Delivery Select the Download or Print relevant to email delivery. 264 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 265
to specify the print template to use, the field containing the visitor's phone number, and the name of an auto-send field. ClearPass Guest 3.9 | Deployment Guide Guest Management | 265 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 266
of the Customize Guest Registration. The NAS Login form opens. Mark the Enabled check box to expand the form. 266 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 267
or URL redirection parameters, See "Creating a Web Login Page" in the RADIUS Services chapter. Editing Login Page Properties Click the Title or Login Message fields for the Login Page" in the RADIUS Services chapter for a description. ClearPass Guest 3.9 | Deployment Guide Guest Management | 267 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 268
, for which the login message page is displayed. Click the Save Changes button to return to the process diagram for self-registration. Self-Service Portal Properties Click the Self-Service Portal link or one of the Login Page, Summary Page, Change Password or Reset Password links for the Self - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 269
the password reset request. If the "Auto login by IP address" option is selected, a guest accessing the self-service portal will be automatically logged in if their client IP address matches the IP address of an active RADIUS accounting ClearPass Guest 3.9 | Deployment Guide Guest Management | 269 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 270
is "Passwords will be randomly generated", but the alternative option "Manually enter passwords" may be selected to enable guests to select their Service Portal The self-service portal includes the ability to reset a guest account's password. The default user interface for the self-service Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 271
Required Field" option in the Self-Service Portal properties. Setting this to ( value for the "Required Field" allows other fields of the visitor account to be checked. These fields should be part of the registration form this chapter. ClearPass Guest 3.9 | Deployment Guide Guest Management | 271 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 272
Plain text print templates may be used with SMS services to send guest account receipts; See "About SMS Guest Account Receipts" in this chapter for details. Because SMS has a 160 character . {elseif $action == "edit"} 272 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 273
> {/if} If this code is placed in the User Account HTML section it will cater for the create, edit and delete options. -time preview of the print template. Each of the basic styles provides support for a logo image, title area, subtitle area, notes area, and Guide Guest Management | 273 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 274
of the icons in the row. A Delete icon and an Add icon will then be displayed for that row. 274 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 275
Logins This section explains how to configure the Guest Manager to create multiple accounts that have the ability to log in in with only the username. Code. Access Code logins requires the following plugin versions: RADIUS Services 3.0.4 or later, and GuestManager Plugin 3.0.3. To verify you have - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 276
the Username Length field, select 8 characters. 4. Configure other settings. See "Default Settings for Account Creation" in this chapter for a description, then click Save Configuration to save your changes. $u.create_result.error} 276 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 277
created in this example appears as shown below. Customize the Guest Accounts Form Next, modify the Guest Accounts form to add a flag that to allows access-code based be acceptable, but feel free to customize the label or description. ClearPass Guest 3.9 | Deployment Guide Guest Management | 277 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 278
to display the Finished Creating Guest Accounts page. If you create large number of accounts are created at one time they may not all be displayed at the same time. (This will not affect the printing action in the following step.) 278 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 279
the accounts settings are the cards. MAC Authentication in ClearPass Guest ClearPass Guest supports a number of options for MAC Authentication and the 22:33:aa:bb:cc 11-22-33-AA-BB-CC ClearPass Guest supports adjusting the expected format of a MAC address. To configure formatting of separators - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 280
To view the list of current MAC devices, go to Guests > List Devices. The Guest Manager Devices page opens. 280 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 281
listed. Options on the form let you change a device's account expiration date; remove, activate, or edit the device; view , and you can include the following operators: Table 28 Operators supported in filters Operator Meaning Additional Information = is equal to != Guide Guest Management | 281 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 282
-down list. If you choose Account Expires at a specified time, the expire" or "now" in the Account Expiration field, the Expire Action row Account to commit your changes. Disabling and Deleting Devices To remove a device's account Account form. You may choose to either disable or delete the account - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 283
minutes, then click a day to select the date. 3. Click Enable Account to commit your changes. Editing a Device To edit a device's account, click the device's row in the Guest Manager Devices list, then for the MAC Authentication Plugin. ClearPass Guest 3.9 | Deployment Guide Guest Management | 283 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 284
Account Activation dropdown list. You may choose to activate the account Account Expiration dropdown list. You may terminate the account account-either delete Account Expiration row. If you choose Account choose Account Expires Account Lifetime drop-down list. The visitor's account account the Account account - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 285
MAC device accounts may be created in three ways: Manually in ClearPass manually. Go to Guests > List Devices and click the Create link, or you can go to the Guests navigation page and click the Create Device command. The New MAC Authentication page opens. ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 286
for the MAC Authentication Plugin. 4. Choose one of the options in the Account Activation drop-down list. You may choose to activate the account immediately, at a preset interval of hours or days, at a specified day to select the date. 286 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 287
drop-down list. The maximum is two weeks. If you choose Account Expires at a specified time, the Expiration Time row is added to mac parameter in the redirect URL. ClearPass Guest does not support querying the controller or DHCP servers for the client's MAC Deployment Guide Guest Management | 287 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 288
the visitor account. These accounts share the same role, expiration and other properties. This requires a vendor passing a mac parameter in the redirect URL. ClearPass Guest does not support querying the fields: Add or enable mac 288 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 289
. If RFC3576 has been configured, all pairs will be logged out. Accounting-Based MAC Authentication Accounting-based MAC authentication is a way to cache the MAC used during an ... && NwaDynamicLoad('NwaCreateUser') // Required call ClearPass Guest 3.9 | Deployment Guide Guest Management | 289 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 290
'mac'=>$mac, // The normalized MAC 'mac_auth_pair'=>$user['id'], // Formally pair the two accounts. Cross links and whatnot in the GUI. A number of data items synched //'modify_expire_time time 'auto_update_account'=>1))) ) && 0; 290 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 291
Figure 35 RADIUS Role Editor Note that modify_expire_time supports any valid syntax of strtotime. ClearPass Guest 3.9 | Deployment Guide Guest Management | 291 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 292
tasks, or click Save and Reload to proceed to Policy Manager and apply the network settings. Importing MAC Devices The standard Guests > Import Guests supports importing MAC devices. At a minimum the following two columns are required: mac and mac_auth. mac_auth,mac,notes 1,aa:aa:aa:aa:aa:aa,Device - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 293
the create_user form. When mac is enabled in a self-registration it will be included in the account as long as mac is passed in the URL. Relying on self-registration may defeat the purpose }! {else} Welcome to the show! {/if} ClearPass Guest 3.9 | Deployment Guide Guest Management | 293 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 294
scenario, you could have people create an account, with a paired MAC, yet still have Conditions confirmation Set the Web login as your landing page and test. Using a registered device the 'Log In' button should your NAS equipment has RFC 3576 support, the RADIUS dynamic authorization extensions Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 295
one of three possible states: Active-An active session is one for which the RADIUS server has received an accounting start message and has not received a stop message, which indicates that service is being provided by a NAS on behalf of an authorized client. While a session is in progress, the NAS - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 296
Configuration" in the RADIUS Services chapter. For details of the options that can be configured, including accounting update intervals and elapsed the visitor account, which will then update the corresponding properties in the NAS session. If the NAS does not support RFC 3576, 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 297
and you can include the following operators: Table 29 Operators supported in filters Operator Meaning Additional Information = is equal to != one click. Stale sessions should be closed to keep accounting statistics accurate. To close all stale sessions, leave Guide Guest Management | 297 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 298
text box, and choose the time interval from the drop-down list-either seconds, minutes, hours, days, or weeks. 298 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 299
the current time, leave this field blank. To specify a time for the end of the range, click the button to open the ClearPass Guest 3.9 | Deployment Guide Guest Management | 299 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 300
you specified. Disconnecting or Reauthorizing Active Sessions If the NAS equipment has RFC 3576 support, you can disconnect or dynamically reauthorize active sessions. 1. On the Manage Multiple Sessions range of sessions to select. 300 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 301
safety announcement. 1. To create an SMS message, click the SMS tab on the Active Sessions page. The Send SMS Notification form opens. ClearPass Guest 3.9 | Deployment Guide Guest Management | 301 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 302
Active Sessions. Only accounts with valid phone numbers Services With SMS Services, you can configure ClearPass Guest to send SMS messages to guests. You can use SMS to send a customized guest account > SMS Services page. The Service Configuration form. The first part of the form includes the Service - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 303
the HTTP method to use. The form displays the configuration options for that gateway type, and the Service Method row includes the GET and POST options. When you select the POST option, the HTTP Headers to hexencoded UTF-16 (Unicode). ClearPass Guest 3.9 | Deployment Guide Guest Management | 303 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 304
, then click either Send Test Message or Save and Close. The new configuration settings will take effect immediately. Sending an SMS You are able to send an SMS, if the system has been configured to allow this, by clicking the Send SMS command link on the Administrator > SMS Services page. The New - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 305
. To adjust the warning threshold, set the Credit Warning value in the configuration for the SMS Services Plugin. About SMS Guest Account Receipts You can send SMS receipts for guest accounts that are created using either sponsored guest access or selfprovisioned guest access. This is convenient in - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 306
on demand. To manually send an SMS receipt, navigate to the Guests > List Accounts window, select Send SMS receipt link displayed on the guest account receipt page. When using guest self-registration, details. SMS Receipt Options The SMS Services plugin configuration allows you to configure options - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 307
Figure 36 Configure SMS Services Plugin SMS Receipt - Select the print template to be used when an SMS receipt is created. The print template used for the receipt must be in plain text format. Phone Number Field - Select which guest account field contains the guest's mobile telephone number. This - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 308
. ClearPass Guest SMS services support SMS USA, SMS Worldwide, AQL, Sirocco, Tempos 21 and Upside Wireless SMS gateways. SMS via SMTP - Select this option to allow visitor account receipt messages to be page for further customization. 308 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 309
of SMS receipt operations can be customized with certain guest account fields. You can override global settings by setting these fields sms_handler_id - This field specifies the handler ID for the SMS service provider. If blank or unset, the default value from the SMS Guide Guest Management | 309 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 310
template and send it to the specified phone number. SMTP Services With SMTP Services, you can configure ClearPass Guest to send customized guest account receipts to visitors and sponsors by email. Email receipts may only on demand. 310 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 311
Email receipts may be sent manually by clicking the Send email receipt link displayed on the guest account receipt page. When using guest self-registration, the Email Delivery options email addresses specified in the "Copies To" field. ClearPass Guest 3.9 | Deployment Guide Guest Management | 311 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 312
Receipt page The Subject line may contain template code, including references to guest account fields. The default value, Visitor account receipt for {$email}, uses the value of the email field. See " is ignored and email is not copied. 312 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 313
To list will be copied. Use 'bcc:' if sending to a visitor - If a guest account email address is available, the email addresses in the Copies To list will be blind copied. Figure 39 configuration settings will take effect immediately. ClearPass Guest 3.9 | Deployment Guide Guest Management | 313 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 314
Determine the email recipients: Address the email to the value specified by the email field in the visitor account. If the email field is "_None" then do not send an email directly to the visitor. Depending configuration is used. 314 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 315
This overrides the list of additional email addresses that receive a copy of the visitor account receipt under Logout Warnings on the email receipt.If the value is "default", the default from the email receipt configuration is used. ClearPass Guest 3.9 | Deployment Guide Guest Management | 315 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 316
316 | Guest Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 317
. Average link utilization - This report calculates the average link utilization for all accounting traffic in the selected period. Average session time per day - This report according to the user's role across a time interval. ClearPass Guest 3.9 | Deployment Guide Report Management | 317 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 318
available for reports that require user interaction. To print the report, click the Print icon in your Web browser. 318 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 319
for more details. You can change the defaults for your report in the Report Editor window by selecting the Report Type link. ClearPass Guest 3.9 | Deployment Guide Report Management | 319 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 320
list: No access - the report is not visible on the list, and cannot be used, edited, duplicated, or deleted. 320 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 321
when you have Full Access, but this also requires that you have the Administrator > Object Permissions privilege set in your operator profile. ClearPass Guest 3.9 | Deployment Guide Report Management | 321 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 322
check boxes to select the reports to export. If you select the Download file option, clicking the Export Reports button will download the selected report definitions to your Web browser. Otherwise, if the View to create the reports. 322 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 323
settings. To restore the default settings for one or more reports, select the reports to reset and click the Reset Reports button. ClearPass Guest 3.9 | Deployment Guide Report Management | 323 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 324
use bins and groups will allow you to classify related data records and extract statistics of interest from them. 324 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 325
information about visitor sessions, reported by NAS devices to the application. In the RADIUS Accounting data source, each data record corresponds to a single visitor session. The data record , GMT - 8 makes the offset 28800 (3600 * 8). ClearPass Guest 3.9 | Deployment Guide Report Management | 325 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 326
is that all the related items must have the same group value to be placed in the same group. 326 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 327
using the Report Editor (shown above), start at the top left and go clockwise, following the arrows, until you have a final report. ClearPass Guest 3.9 | Deployment Guide Report Management | 327 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 328
Figure 46 Components of the Report Editor Report Type 328 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 329
the places in the report where template syntax may be used: Properties for source and output filters (range, match and list values) ClearPass Guest 3.9 | Deployment Guide Report Management | 329 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 330
the parameter should have a user interface, the Edit Parameter form will be displayed after clicking the Create Parameter button. 330 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 331
information about a specific username, you could define a parameter in_username that presents a text field to the operator, as shown in the figure below. ClearPass Guest 3.9 | Deployment Guide Report Management | 331 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 332
; you must specify how to classify and format the data before it can be displayed in the generated report. 332 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 333
source fields or derived fields. A derived field is one that can be calculated for each data record selected from the data source. ClearPass Guest 3.9 | Deployment Guide Report Management | 333 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 334
give the field a value. This can be by calculating a value using a PHP expression entered in the Field Expression box. 334 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 335
a list. As one of the selected fields is a date/time field, this is automatically set as the first source filter for you. ClearPass Guest 3.9 | Deployment Guide Report Management | 335 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 336
the fields that you previously created in the Data Source or the Select Fields sections of the Report Editor. 336 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 337
than a bin classification, because the set of possible values is fixed. See "Groups" in this chapter for more information about group classifications. ClearPass Guest 3.9 | Deployment Guide Report Management | 337 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 338
the start and stop numbers, inclusive of the endpoints of the range. The bin offset is used to account for time zones. See "Binning Example - Time Measurements" in this chapter for a description. Discrete the specified source field. 338 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 339
that fall within the same day are assigned the same bin number. The bin offset is used to account for time zones as explained in the . Time measurement: bin by hours - This bin classification method the report as for the statistics. ClearPass Guest 3.9 | Deployment Guide Report Management | 339 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 340
group is calculated Maximum value - the maximum value of the source field over the selected classification group is calculated 340 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 341
value - the minimum value of the statistic field over the selected report dimension is calculated Multiply (value 1 × value 2) - the values are multiplied ClearPass Guest 3.9 | Deployment Guide Report Management | 341 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 342
tab at the top of the Edit Output Series list view to create an output series in the report. 342 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 343
non-included items check box to add a "remainder" row to the output series that summarizes all the remaining items in a single entry. ClearPass Guest 3.9 | Deployment Guide Report Management | 343 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 344
's output. Output filters are of three basic kinds: Range filters check to see if a value falls within a certain range. 344 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 345
item will always be included in the output. No further filters will be applied to the data once this filter has matched. ClearPass Guest 3.9 | Deployment Guide Report Management | 345 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 346
in reports where the HTML output format is selected. Charts are not supported in CSV or plain text reports. The chart is displayed within a styles, font size, axis formatting options, and more. Different types of chart are supported, including: Line Pie Pie 3-D Column Stacked Column - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 347
used as the values to display on the chart. The Pie and Pie 3-D charts support only a single data point for each category value. A pie chart is used to the Reference chapter for details about the template syntax that is supported. The default reports include a standard header block for generated - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 348
editor may then be used to further customize the report by defining new filters, classification groups and output series. 348 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 349
and presentation blocks to generate summarized data of interest to you. Click the Save Changes button to continue to the Report Editor. ClearPass Guest 3.9 | Deployment Guide Report Management | 349 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 350
return to the Report Editor. Click Final Report to run the report and verify the changes you have made. 350 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 351
Today and select an Output Format. These changes are shown in the screen below. 5. Click the Continue button to move to Step 2. ClearPass Guest 3.9 | Deployment Guide Report Management | 351 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 352
Final Report option in the Report Editor you can see the report as it is after these two steps. 352 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 353
the report. You may also want to alter the field description. 10. Click the total_users field and then click the Edit link. ClearPass Guest 3.9 | Deployment Guide Report Management | 353 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 354
. Click the Save Changes button at the bottom of the window to save the changes to the output series. 354 | Report Management ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 355
Final Report icon to preview your new report. Report Troubleshooting Report Preview with Debugging If you are experiencing problems with your report, you can receive help with the bin 0 */ array ( 123 => /* bin value: 123 */ array ( ClearPass Guest 3.9 | Deployment Guide Report Management | 355 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 356
=> /* bin 1 */ ... ) Troubleshooting Tips The following tips may be useful to you when developing new reports. Draw a diagram - the report. Reduce amount of data - When developing a new report, you may find the process editor. This will allow you to develop the basic structure of the report. - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 357
menu. A summary of the system's current network configuration is displayed on the Network Setup page, and the results of the network connectivity test are shown below the summary. Additional commands on the Network Setup page let you navigate to various network configuration tasks. ClearPass Guest - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 358
Policy Manager check box. The form expands to include options for specifying the Policy Manager hostname, username, and password. 358 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 359
device error, event, and profile interval information, as well as the hostname, username, and password for the primary and secondary Profiler servers. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 359 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 360
test determines the current status of the network, and the results of the diagnostic are displayed. The problems that services need to be restarted to verify DNS HTTP proxy access is not available Internet access is not available 360 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 361
list to select it. You can then choose from the following actions: Show Details - Display detailed information and statistics about a network interface. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 361 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 362
and MGT network interfaces may be configured for automatic settings using DHCP or BOOTP, or can be manually configured for an IP address. When you choose one of these settings from the Configuration drop-down by the DHCP server. 362 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 363
To specify an IP address for the network interface, select Manually configure IP address. The following form is displayed for IP address details. The MTU full duplex 100 Mbit, full or half duplex 10 Mbit, full or half duplex ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 363 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 364
with the specified settings. The new settings will be tested and the results of the test displayed. If DNS name resolution is not working, for the network interface. If you are assigning network addresses manually, check that you have provided the correct DNS server addresses 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 365
a routing entry. Click Test Gateway to verify that the gateway IP address is reachable via an ICMP ping. Creating a Tunnel Network Interface ClearPass Guest supports creating a generic routing encapsulation are used. See Figure 47. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 365 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 366
Interface Navigate to Administrator > Network Setup > Network Interfaces to view the list of interfaces currently configured on the system. 366 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 367
interface with the corresponding VLAN identifier. Your network infrastructure must support tagged 802.1Q packets on the physical interface selected. the same properties as a physical network interface. Refer to this guide or the online help for additional details about setting the properties for - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 368
with the specified IP address. The network interface will appear in the list and will be automatically brought up. 368 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 369
, using the following syntax: 1.2.3.4 - IP address 1.2.3.4/24 - IP address with network prefix length 1.2.3.4/255.255.255.0 - IP address with explicit network mask ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 369 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 370
your network's configuration. To view these tools, navigate to Administrator > Network Setup, then click the Network Diagnostics command link. 370 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 371
test connectivity using an ICMP echo request. The test will take approximately 5 seconds to run. Ping URL - Enter a URL to test connectivity using a HTTP request. Only the headers for the specified Internet resource are retrieved. This test username and password to test the results of a RADIUS - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 372
Enter a hostname or IP address to determine the route that packets traverse to that host. The test may take a considerable amount of time (30 seconds or more), depending on network conditions. Administrator > Network Setup page. 372 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 373
operation. While packet capturing is in effect, the status of the packet capture is displayed as part of the Network Diagnostics form. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 373 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 374
has completed, the status is updated, and a link to Download packet capture file is available. Click this link to download a packet capture file, which may be analyzed using the Wireshark IP_address canonical_hostname [aliases...] 374 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 375
network environment. To manage and view the current SNMP configuration click the SNMP Configuration command link on the Administrator > Network Setup page. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 375 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 376
"system" MIB parameters that are frequently used to identify network equipment. See "Supported MIBs" in this chapter for a list of supported MIBs. To restrict access to the SNMP server, a list of IP address access to the SNMP server. 376 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 377
to apply the new SNMP server settings. The settings will take effect immediately. Supported MIBs The SNMP server currently supports the following MIBs: DISMAN-EVENT-MIB HOST-RESOURCES-MIB IF-MIB -USER-BASED-SM-MIB SNMPv2-MIB ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 377 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 378
the Administrator > Network Setup page. See "SMTP Services" in the Guest Management chapter for additional configuration options for SMTP services. The built-in Sendmail mail transfer agent may be mail server requires authentication. 378 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 379
the test screen. Note: Do not use this setting in a production environment. Click the Send Test Message button to send an email to a test email with these options instead: Download the current server certificate - Downloads the current SSL certificate to your Guide Administrator Tasks | 379 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 380
to a certificate authority that supports this form of request submission. Alternatively, you may click the Download the current CSR link to download a .csr file to You will be prompted to do this with the message "system services need to be restarted due to configuration changes." Installing an SSL - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 381
certificate authority's "How To" instructions for details on obtaining the intermediate certificate. Often, it is available from the same page where you downloaded your certificate. The Root "unable to get local issuer certificate". ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 381 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 382
you have provided the correct intermediate certificate. If the problem persists, check with your certificate authority for the appropriate You will be prompted to do this with the message "System services need to be restarted due to configuration changes." Displaying the Current 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 383
described in the Import and export visitor accounts can be of use to ensure that you want to alter the backup filename. Click the Download Backup button to begin the backup. You will be Services, Reporting Manager Definitions and ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 383 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 384
highlighted: not be backed up. . The components of the area are not displayed, and will Click the Download Backup button to start the backup. You will be prompted by your Web browser to save the backup backups on a regular basis. 384 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 385
schedule. The options available are the same as for the manual backup. You are required to enter a prefix for the where the automatic backups are stored. The following URL schemes are supported: FTP: Use the syntax ftp://user:[email protected] 3.9 | Deployment Guide Administrator Tasks | 385 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 386
smb://myuser:[email protected]/backup/server%20backups/ Click the Verify Target button to create a test file in the backup directory. Use this command to verify that you have entered the target URL . To perform a complete 386 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 387
backup, and the restore system. This warning is issued because the software version number cannot be changed by the restore process to the same version at the time of the backup. However, this does not necessarily indicate a problem with the restore. Content Manager The Content Manager allows you to - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 388
them. You can also copy a content item stored on another Web server by downloading it. To use a content item, you can insert a reference to it using HTML that is most suited to the type of content inserted. To manually reference a content item, you can use the URL of the item directly Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 389
to confirm the deletion. You can rename the content item using the Rename link. Click the Download link to save a copy of the content item using your Web browser. You are able to the application and check for common security problems. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 389 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 390
; in this cases, click the Fix this Problem link to apply the changes. To disable a view. If you have taken steps to correct a security problem, a message can be marked as resolved by clicking the the same warning message if the same security problem still exists. For this reason, the Resolved - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 391
been disabled by default. It is recommended to leave this network service disabled unless you have specific requirements to the contrary. Network console, or remotely via SSH). See "Console Login" in the Setup Guide chapter for an explanation. The default root password for the appliance is admin - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 392
software updates using the process. See "Adding or Updating New Plugins" in this chapter for details. In some situations, manual OS updates may be required. Click the Manual OS Updates link to perform manual system maintenance tasks. Manual Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 393
visual appearance Transaction processor plugins-Provide services primarily reserved for internal use by the software and are not exposed in the user for High Availability Services, you must first destroy the clusters, then re-create the ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 394
Setup in the High Availability Services chapter. Managing Subscriptions A subscription ID is a unique number used to identify your software license and any custom software modules that are part of your features of the application. 394 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 395
file to upload it. The Add New Plugin page also provides the option to choose the internet download method. To upload plugins or updates from the internet, navigate to Administrator > Plugin Manager and updates you want to install. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 395 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 396
available. To install the default selections, click the Finish button to download and install the selected plugins. When you select multiple available updates Availability Services. Please see Destroying a Clusterand Cluster Setupin the High Availability Services chapter. Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 397
"Default Settings for Account Creation" in the Guest Management chapter SMS Services- See "Sending an SMS" in the Guest Management chapter SMTP Services- See "SMTP Services" in the Guest and the application URL, and autocomplete. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 397 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 398
Level, Update Base URL and Application URL options should not be modified unless you are instructed to do so by Aruba support. 3. To turn off autocomplete on forms, mark the check box in the Form link on the Available Plugins page. 398 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 399
Management chapter. Server Time The Server Time form allows you to configure the time and date properties of the ClearPass Guest interface. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 399 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 400
To ensure that authentication, authorization, and accounting (AAA) is performed correctly, it is vital server. Do not use the default setting as this may be unreliable. To set the server's time manually, enter a value in the Server Time field using the recommended format, or click the ... button to - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 401
system which stops all services while the reboot is taking place. Restart the system services without stopping the server. values unless you are advised by Aruba support, or you have carefully tested the result of the change in a ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 401 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 402
Data Retention To configure the number of weeks to retain records for data, log files, disabled accounts, and mobile device certificates, click the Configure data retention link in Log Rotation row. The Data disk space notifications. 402 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 403
message is forwarded to the remote collector. For details on defining a database maintenance schedule, See "Changing Database Configuration Parameters" in this chapter. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 403 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 404
up the system's disk. If the disk space check is enabled, the server's free disk space is checked daily at midnight, and if it is below the specified threshold, old log files are go to Administrator > System Control > Database Config. 404 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 405
they are deleted. You can specify how many weeks a guest account persists after the account is disabled in the Guest Accounts field. For mobile device certificates, select the minimum delay, in certificate is automatically deleted. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 405 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 406
in use. A periodic maintenance schedule is highly recommended. You should not disable periodic maintenance unless you have a specific requirement. 406 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 407
be performed immediately. Other users of the system may find the system is unavailable for a short period while the restart takes place. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 407 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 408
the Enable persistent HTTP connections check box. This feature is only supported for HTTP 1.1 compliant clients. Click the Save Changes button to > System Information page provides a summary of hardware, operating system and software information, as well as a snapshot of the current state of the - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 409
This report can be downloaded for support purposes. Adding Disk Space Storage capacity can be increased on VMware-based deployments. To increase available storage, click the Add Space option on the System Information screen. TheAdding Disk Space screen appears. Follow instructions on this page. - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 410
. 410 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 411
The system log viewer available on the Support > System Logs page displays messages that -messages generated by the RADIUS server during authentication, authorization or accounting. System Logs-messages generated by the system and various Guest 3.9 | Deployment Guide Administrator Tasks | 411 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 412
-10-04 14:15:31+10] ClearPass Guest info Guest account created for 98084707 XML document (*.xml) - the exported > element. Use the Range option and the Download Limit field to specify whether the current page are displayed in a table on the Support > Application Log page. The System Logs Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 413
the Export tab to save the log in other formats, including HTML, text, CSV, TSV and XML. You can select options to print, email or download the data. ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 413 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 414
414 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 415
you time and resources when dealing with individual accounts. The following diagram shows how the process of processed, and if approved their visitor account is created according to the appropriate Hotspot the details of their newly created visitor account. The customer is automatically logged in - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 416
Hotspot Sign-up command. This allows you to change user interface options and set global preferences for the self-provisioning of visitor accounts. The Enable visitor access self-provisioning check box must be ticked for self-provisioning to be available. 416 | Hotspot Manager ClearPass Guest - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 417
The skin is seen by all users on the login page. SMS Services Configure the following settings in the SMS Services section of the Hotspot Preferences form to override the default SMS settings You also have the option to allow free access. ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 417 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 418
modify it. The Edit Hotspot Plan appears. You may alter the fields to meet the requirements of your company. 418 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 419
. Managing Transaction Processors Your hotspot plan must also identify the transaction processing gateway used to process credit card payments. ClearPass Guest supports plugins for the following transaction processing gateways: Authorize.Net AIM CyberSource ClearPass Guest 3.9 | Deployment - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 420
that you can use to create hotspot forms and test hotspot transactions. Creating a New Transaction Processor To define the gateway with which you have a service account to display additional configuration fields for that gateway account. 420 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 421
have entered all the required data. Customize User Interface Each aspect of the user interface your Hotspot customers see can be customized. ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 421 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 422
, including credit card information if purchasing access. The progress of the user's transaction is also shown on this page. 422 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 423
ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 423 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 424
and test Hotspot self-provisioning pages, as well as log in to and view the Hotspot self-service portal that allows customers to view their current account expiration SelfProvisioning or Self-Service links in the left navigation menu. 424 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 425
its normal functions. The primary node is the active server in a cluster. The cluster's network services are always delivered by the primary node. The secondary node is the backup server in a the primary node has failed. ClearPass Guest 3.9 | Deployment Guide High Availability Services | 425 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 426
note about this architecture are: The RADIUS and Web server protocols (HTTP and HTTPS) are supported by the cluster. The cluster has three IP addresses: each node has its own IP address an uninterrupted network connection. 426 | High Availability Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 427
supported -alive tests have accounting information, are replicated from the primary node to the secondary node. The replication delay will depend on the volume of database updates and system load but is generally only a few seconds. ClearPass Guest 3.9 | Deployment Guide High Availability Services - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 428
virtual IP address when performing any database updates, such as creating new guest accounts or performing RADIUS authentication. This is required so that the changes will be Receipt Options" in the Guest Management chapter) 428 | High Availability Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 429
From a Temporary Outage" in this chapter for instructions on recovering a cluster in this state. The secondary node has taken over the cluster services. The primary node is back online, but the node is down or stopped. ClearPass Guest 3.9 | Deployment Guide High Availability Services | 429 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 430
destroyed and rebuilt. See "Recovering From a Hardware Failure" in this chapter for instructions on recovering a cluster in this state. Email Notification In addition to sending syslog From a Hardware Failure" in this chapter. 430 | High Availability Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 431
on the secondary node to determine the cause of the problem. The cluster IP address is inaccessible and network services are unavailable. Automatic failover will take place after the process of creating a new cluster. ClearPass Guest 3.9 | Deployment Guide High Availability Services | 431 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 432
For the downtime threshold parameter, See "Primary Node Failure" in this chapter. High Availability Services requires an IPv4 multicast address and port number. By default these values are 226.94.1.1 IPv4 multicast traffic. 432 | High Availability Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 433
address in the Virtual IP Address field, or specify than one virtual IP by entering a comma-separated list of multiple IP addresses. ClearPass Guest 3.9 | Deployment Guide High Availability Services | 433 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 434
the setup of the cluster, return to the primary node after preparing the secondary node and click the Confirm Node Settings button. 434 | High Availability Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 435
cluster IP address. Operators should use the cluster's IP address when provisioning guest accounts. Configure NAS devices to redirect visitors to the cluster's IP address for Web including managing the cluster itself. ClearPass Guest 3.9 | Deployment Guide High Availability Services | 435 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 436
corresponding cluster maintenance that is required. Table 37 Failure Modes Failure Mode Software failure - system crash, reboot or hardware reset Power failure Network failure and then click the Recover Cluster command link. 436 | High Availability Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 437
the secondary node is now the new primary node for the cluster. The cluster is back in a fault-tolerant mode of operation. ClearPass Guest 3.9 | Deployment Guide High Availability Services | 437 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 438
, the primary node will be unaffected and the cluster will continue to provide network services without interruption. When the secondary node comes back online, the cluster will be automatically cluster has been destroyed. 438 | High Availability Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 439
Cluster Troubleshooting problem related to the cluster. The log files may be exported to a zip file. If you require support about a cluster-related problem, include a copy of the exported cluster log files with your support request. ClearPass Guest 3.9 | Deployment Guide High Availability Services - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 440
440 | High Availability Services ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 441
> words to underline Shown in fixed-width font Uses CSS formatting Uses predefined style ClearPass Guest 3.9 | Deployment Guide Reference | 441 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 442
For more details about HTML syntax and detailed examples of its use, consult a HTML tutorial or reference guide. Standard HTML Styles ClearPass Guest defines standard CSS classes you can use to provide consistent formatting within the user interface. Examples of these - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 443
interface. Basic Template Syntax Following is a brief introduction to the usage of the Smarty template engine. For more information, please refer to the Smarty documentation at http://www.smarty.net/docs.php place of the {include} tag itself. ClearPass Guest 3.9 | Deployment Guide Reference | 443 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 444
{else} {/if} The condition tested in the {if} ... {/if} block should be a valid PHP expression. and } are specially handled by the Smarty template engine. Using text that contains these characters, such as CSS | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 445
of decimal places to display (default is 0) Date/time formatting; see "nwadateformat Modifier" in this chapter for details about this modifier function ClearPass Guest 3.9 | Deployment Guide Reference | 445 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 446
="images" command="Command Link" linkwidth="400" commandclass="nwaImportant" text="This is a sentence explaining the command." textclass="nwaInfo"}link_here.php{/nwa_commandlink} 446 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 447
in the top left. Usage examples: {nwa_icontext icon="images/icon-info22.png"}Text to display{/nwa_icontext} {nwa_icontext type="info"}Information block{/nwa_icontext} ClearPass Guest 3.9 | Deployment Guide Reference | 447 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 448
and ending quotes are not included in the output. nwa_radius_query {nwa_radius_query _method=MethodName _assign=var ...} Smarty registered template function. Performs accounting-based queries on the RADIUS server and returns the result for use in a template. 448 | Reference ClearPass Guest - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 449
ID of the RADIUS database service handler (this parameter is optional, the default service handler will be used if result. For ease of use, "assign" is also supported as a synonym for "_assign". This template function does , $to_time = null) ClearPass Guest 3.9 | Deployment Guide Reference | 449 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 450
Developer Reference The reference documentation in this section is intended for advanced usage by developers The various request variables may also be accessed using one of two supported methods: {nwa_assign var=_GET.get_variable value=...} {nwa_assign ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 451
, otherwise L1 only expanded - All L1 items have L2 items, L3 only when L2 active all-expanded - All items shown to L3 ClearPass Guest 3.9 | Deployment Guide Reference | 451 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 452
the output: The 'notfound' parameter specifies the return value, if the plugin was not found (default is the empty string). 452 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 453
the output is included only if that privilege is NOT granted (inverts the sense of the test). An optional "level" parameter may be specified, which is the level of access to the a user preference (stored with the Web application user account) ClearPass Guest 3.9 | Deployment Guide Reference | 453 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 454
{nwa_youtube video=ID width=cx height=cy ...} ... {/nwa_youtube} Smarty registered block function. Provides simple support for embedding a YouTube video in the body of a page. The content of this block is the that use non-ASCII characters. 454 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 455
EST 2:13 PM 2 minutes ago The % items on the right hand side are the same as those supported by the php function strftime(). The string "?:", if present will return the string following the "?:" if the nwadateformat Modifier" in this chapter. ClearPass Guest 3.9 | Deployment Guide Reference | 455 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 456
locale, without the date Year as a decimal number without the century (00 to 99) Year as a decimal number A literal % character 456 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 457
false if the file does not exist; otherwise, returns an array of arrays containing each of the parsed records from the file. ClearPass Guest 3.9 | Deployment Guide Reference | 457 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 458
digits. NwaLettersPassword NwaLettersPassword($len) Generates a password of $len characters in length consisting of lowercase letters. NwaMoneyFormat NwaMoneyFormat($amount, $format = null) 458 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 459
the result as a list of records, where each record contains a list of fields. Supports CSV escaping using double quotes. $options may be specified to control additional parsing options described of slice to return; see array_slice() function ClearPass Guest 3.9 | Deployment Guide Reference | 459 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 460
elements: error - set if there was a problem parsing the XML message - describes the parse error and the plus sign is removed; otherwise, if the SMS service handler national prefix is set and the phone number starts with and capital B). 460 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 461
and returns a value in the same row from another column in the table. This function supports the values described in the table below. Table 45 NwaVLookup Options Option Description $value $table fields available for the GuestManager form. ClearPass Guest 3.9 | Deployment Guide Reference | 461 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 462
account automatically account automatically account. This field controls account creation behavior; it is not stored with created visitor accounts account account, the default value is taken from the configuration for the RADIUS Services an account, this field must be other value, account creation will fail - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 463
account username. This option requires the NAS to support Account will expire at date and time Expires interval after first login or after interval total usage Expires interval after first login Expires after interval total usage No expiration time set ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 464
account account may be used. Usage is calculated across all accounting sessions with the same username. Set this field to 0 to disable this account field is only of use when editing a visitor account. It may be set to one of the controls account modifications; it is not stored with the visitor account. - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 465
a visitor account. It account modifications; it is not stored with the visitor account. String. Value indicating how to modify the account account creation and modification behavior; it is not stored with created or modified visitor accounts account activation time; "now" to activate the account - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 466
for stations using the account. This field may be portal. The default is to allow guest access to the self-service portal, unless this field is set. Boolean. User does not NAS for login. Guest password changes are only supported for Web login pages and guest self-registration pages Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 467
using the self-service portal. random_password String. This field contains a randomly-generated password. This field is set when modifying an account (guest_edit form). random_password_length will result in sequence numbers 0001, 0002, etc. ClearPass Guest 3.9 | Deployment Guide Reference | 467 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 468
the guest account was registered. to the account.The value of account. schedule_after Integer. Time period, in hours, after which the account account creation behavior; it is not stored with created visitor accounts. schedule_time Integer. Time at which the account self-service portal account - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 469
and may be used to determine the most recent start and stop time of visitor account sessions. String. Username of the account. This field may be up to 64 characters in length. String. The visitor's visitor. String. The visitor's last name. ClearPass Guest 3.9 | Deployment Guide Reference | 469 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 470
Password for the account (used to confirm a manually typed password). personal_details Services form. Table 48 SMS Services This field specifies the handler ID for the SMS service provider. If blank or unset, the default value from Services Standard Fields The table below describes standard fields - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 471
49 SMPT Services Standard Fields specifies a list of additional email addresses that will receive a copy of the visitor account receipt. If the value is default, the default carbon-copy list from the email receipt configuration is used. ClearPass Guest 3.9 | Deployment Guide Reference | 471 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 472
Table 49 SMPT Services Standard Fields (Continued) Field Description the list of additional email addresses that receive a copy of the visitor account under Logout Warnings on the email receipt. If the value is "default vowels 472 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 473
using the IsValidEmail validator, the validator argument may be specified wieth a whitelist/blacklist of domain names. Use the syntax: array( 'allow' => array( ClearPass Guest 3.9 | Deployment Guide Reference | 473 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 474
, for password validation). Defaults to "password2" if not specified. password2_required - if nonzero, indicates that the "password2" entry must be supplied. 474 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 475
configuration. NwaIsValidLifetime - Checks that the value is one of the account lifetime options specified in the Guest Manager configuration. Form Field Conversion (integer value). The conversion leaves blank values unmodified. ClearPass Guest 3.9 | Deployment Guide Reference | 475 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 476
number of fractional digits to use when formatting the monetary amount (other locale settings will remain unchanged in this case). 476 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 477
If set, this value will be returned when the resulting duration (after min_format is taken into account) is 0. NwaExplodeComma Converts a string to an array by splitting the string at each comma formatted, rather than a regular numeric value. ClearPass Guest 3.9 | Deployment Guide Reference | 477 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 478
(parseInt(data.do_expire) != 0) ? Displays "N/A" if the account has no expiration time, or a date Nwa_DateFormat(data.expire_time, in this chapter for a full list of the supported format strings. Nwa_FloatFormat(value, decimals) Converts a | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 479
Authorization Conditions to Attribute Definitions" in the RADIUS Services chapter for more details about using these functions. by PHP function time() User account structure Role definition for user Role ID of user account Calculated session timeout for user, 3.9 | Deployment Guide Reference | 479 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 480
function is useful to see exactly what a NAS is sending, if debugging an authorization problem. Example usage: return ShowAttr rest of condition MacAddr() MacAddr($mac) Converts a MAC address not containing a valid MAC address), returns NULL. 480 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 481
$from_time, $to_time = null, $in_out = null) Calculate the sum of traffic counters for accounting records in the database. This is a multi-purpose function that has a very flexible query time interval in seconds before the current time. ClearPass Guest 3.9 | Deployment Guide Reference | 481 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 482
null) Calculate the number of sessions from accounting records in the database. This is a search for matching accounting records. As number of sessions for matching accounting records in the time interval only considers output (that is, user downloads): return GetUserTraffic(86400,'out') > 10485760 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 483
'out') > 100*1024*1024 && AccessReject() Limit by MAC address, 50 MB download in past 24 hours: return GetCallingStationTraffic(86400, 'out') > 50000000 && AccessReject() GetUserTraffic() additional details on the $ip_addr argument. ClearPass Guest 3.9 | Deployment Guide Reference | 483 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 484
() GetUserSessions($from_time, $to_time = null) Calculate the number of sessions for accounting records matching a specific user-name. The username attribute is looked up automatically typical result follows: array ( 'id' => '2073', 484 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 485
is the IEEE 802 standard format, %02X-%02X-%02X-%02X-%02X-%02X - that is, uppercase hexadecimal with each octet separated with a hyphen. ClearPass Guest 3.9 | Deployment Guide Reference | 485 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 486
is not taken into account.) return GetUserStationCount(365*24*60*60) > 1 && the above. Checks the last year of accounting records and permits a user a maximum of given user account, if the user account was to The$username parameter specifies the user account to modify; use the expression - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 487
for parameters may be quoted using double quotes; backslash escaping is supported within doublequoted strings. General Configuration Table 56 General Configuration Settings Value number (1812) or 0 to look up the port in /etc/services. ClearPass Guest 3.9 | Deployment Guide Reference | 487 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 488
auth" for authentication packets, and "acct" for accounting packets. hostname_lookups = off Log the names of incorrectly. To save yourself the tech support call, you can eliminate those spaces here to enable support for authorization-only RADIUS requests, which have the Service-Type attribute - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 489
will get kicked unnecessarily. proxy.retry_count = 3 The number of retries to send before giving up, and sending a reject message to the NAS. ClearPass Guest 3.9 | Deployment Guide Reference | 489 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 490
that increasing 'max_servers' doesn't seem to make much difference. If this is the case, then the problem is most likely that your back-end databases are taking too long to respond, and are preventing the are probably OK for most sites. 490 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 491
. module.mschap = yes Microsoft CHAP authentication. This module supports MS-CHAP and MS-CHAPv2 authentication. It also enforces the SMB-Account-Ctrl attribute. mschap.use_mppe = no If 'use_mppe' is corrects for that incorrect behavior. ClearPass Guest 3.9 | Deployment Guide Reference | 491 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 492
not be closed and this can lead to the same account being denied access when they are not actually logged in. When this occurs, the user's previous session will be shown as active in the active session list; it can be closed manually here. EAP Module Configuration Set the advanced.eap = 1 option - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 493
.1X Authentication and Certificate Management" in the RADIUS Services chapter for further details. Table 62 Optional EAP configured to proxy the request to another RADIUS server which supports that EAP type. If another module is NOT configured to handle | Deployment Guide Reference | 493 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 494
configuration entry to 'yes', and the reply to the NAS will be taken from the reply to the tunneled request. 494 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 495
not currently supported. LDAP Module LDAP EAS" in the RADIUS Services chapter for further details. Table support SSL, but don't do TLS negotiation (like Novell eDirectory). Applies Novell's account To disable the Novell account policy checks, set for Novell eDirectory support. When defining this - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 496
should be preferred; 'tls_mode' is provided only for LDAP servers like Active Directory which do not support it. ldap.tls_cacertfile = not set A PEM-encoded file that contains the CA Certificates that you hash format" (see: openssl verify). 496 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 497
to 0.8.1 behavior without changing the LDAP data or to gain a little performance if the LDAP data is rather simple (no special operators) ClearPass Guest 3.9 | Deployment Guide Reference | 497 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 498
attributes contained in an Access-Request message. See "Server Configuration" in the RADIUS Services chapter for examples showing how to use the attr_rewrite module. Multiple attr_rewrite modules can Access-Accept or Access-Reject message. 498 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 499
" in this chapter for information about the supported syntax for regular expressions. module.attr_rewrite.name. name of the user to be authenticated or accounted. It is used in Access-Request and Accounting packets. Password: This attribute indicates the | Deployment Guide Reference | 499 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 500
In an Accounting-Request Accounting-Request packet if accounting is supported. Vendor-Specific: This attribute is available to allow vendors to support their own extended Attributes not suitable for general usage. Session-Timeout: This attribute sets the maximum number of seconds of service - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 501
be present in Accounting-Request records where property specifies when the account will expire. tried to log on to the account using an incorrect password. codePage the user tried to log on to this account. mail: The mail property is a an integer that represents the account type. unicodePwd: The - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 502
character that is not a decimal digit The regular expression syntax used is Perl-compatible. For further details on writing regular expressions, consult a tutorial or programming manual. 502 | Reference ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 503
-Request Accounting-Response accounting session time accounting authentication authorization BYOD CA captive portal certificate authority common name (CN) $criteria CRL CSV device provisioning digital certificate ClearPass Guest 3.9 | Deployment Guide IEEE standard for port-based network access - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 504
An authentication framework that supports multiple authentication methods. based authentication method supporting mutual authentication, item of information about a visitor account. guest See Visitor. intermediate CA onboard-capable device Device supported by the QuickConnect application. - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 505
Guest 3.9 | Deployment Guide Characteristics assigned to a Protected EAP. See EAP-PEAP. Test network connectivity using an ICMP echo Formatted template used to generate guest account receipts. The part of a managing digital certificates. See root CA. Service provided by a NAS to an authorized - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 506
guests on the system. Table containing data. Used to interactively display data such as visitor accounts to operators. Someone who is permitted to access the Internet through your Network Access Server. and contents of digital certificates. 506 | Glossary ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 507
274, 320 SNMP 376 account filters creating 183, 188 accounting 25, 29 AAA 113 accounts visitor account 29 Active Directory 161 advanced Apple Captive Network Assistant 136 ClearPass Guest 3.9 | Deployment Guide application log 412 attributes 119 attribute values 145 conditions 119, - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 508
services 302 Web server settings 408 console interface 35 console login 35 content deleting 389 downloading 389 renaming 389 uploading 388 viewing 389 content management 387 creating account 412 customization self-service portal, display functions page 259 self-service portal 269 view - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 509
391 domain joining 157 downloading content 389 downtime threshold ClearPass Guest 3.9 | Deployment Guide expiration time, guest account 213 external authentication server 162 services 310 encoding 126, 217 ethernet settings 363 expiration guest accounts, editing 213 exporting guest accounts - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 510
matching 218 rank ordering 234 file upload size increasing 407 filtering devices 281 guest accounts 212, 215 sessions 296 system log 411 Final report 348 Form field Advanced properties field 244 Validation errors 246 Validation properties 245 ClearPass Guest 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 511
surveys 220 guest access roles 25 Guest accounts Activate 213 Change expiration 213 Delete 213 214 Paging 212 ClearPass Guest 3.9 | Deployment Guide Print 214 Receipts 207 Reset password 212 Scratch Download receipt 264 Email receipts 264 Login page 267 Print receipt 264 Self-service - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 512
maintenance 438 Secondary failure 429 SSL certificate 427 Troubleshooting 439 View log files 439 high availability 425 143 IEEE 802.1X 146 importing certificate 177 devices 292 guest accounts 216 matching fields 218 NAS 126 RADIUS dictionary 142 RADIUS server 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 513
-CHAPv2 160 MTU 363 multiple guest accounts creating 207 N NAS 124, 205 Interface statistics 371 Interfaces 40 Kernel parameters 371 Manual configuration 363 MTU 363 NTP 43, 399 371 VLAN support 367 network configuring 357 diagnostics 360 ClearPass Guest 3.9 | Deployment Guide GRE - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 514
Smarty 443 Quick view 389 R RADIUS server 25, 113 accounting query 448 Active Directory 161 active sessions 294 514 | specific attributes 119, 141 VSA 144 Web logins 128 RADIUS Services module 113 Range filter 335 rauthorizing session 296 reauthorizing session 300 3.9 | Deployment Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 515
Export 322 Grouping 326 History 318 Local RADIUS accounting 325 Managing 318 Parameters 329 Print 318, 317 resetting password 212 RADIUS dictionary 142 Restart services 401 restarting RADIUS server 113 Restore 386 31 Self registration Create 255 Self-service portal 268 Auto login 270 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 516
SMS alert for session 301 Guest account receipt 207 Guest self-registration receipts 265 SMS Services Credits available 305 Guest receipts services 302 configuring 302 sending message 304 SMTP configuration 378 SMTP Services 310 SNMP 375 access 376 Community string 377 Supported Guide - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 517
translation rules 196 troubleshooting 114 application integrity check 394 cluster 439 packet virtual machine 34 NTP and timekeeping 43 NTP configuration 400 visitors 29 account 29 ClearPass Guest 3.9 | Deployment Guide VLAN RADIUS Attributes 123 VLAN interface 367 VSA 144 Delete 145 - Dell PowerConnect W Clearpass 100 Software | 3.9 Deployment Guide - Page 518
518 | Index ClearPass Guest 3.9 | Deployment Guide
ClearPass Guest 3.9
Deployment Guide