Dell PowerConnect W Clearpass 100 Software Auto Create MAC Auth Account (Authe
Dell PowerConnect W Clearpass 100 Software Manual
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerConnect W Clearpass 100 Software manual content summary:
- Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 1
Amigopod Auto Create MAC Auth Account (Authentication Based) - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 2
Source Code Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS. Altering this device (such as painting - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 3
...4 2 Solution Summary ...5 Prerequisites ...5 Test Environment ...5 Aruba Controller Configuration...5 RADIUS Server for MAC Accounts ...8 RADIUS Role to trigger MAC Address Account Creation 10 Testing the Workflow...15 Create Test Account ...15 Initial - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 4
of the Amigopod appliance, refer to the Amigopod Deployment Guide. Document Overview The first section of the document explains the configuration steps required to configure the automatic creation of MAC authentication accounts on Amigopod. The Aruba Controller configuration items are reviewed - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 5
2 Solution Summary Prerequisites Support for the automatic creation of MAC authentication accounts requires the following plugin versions: • Amigopod . Use the Check for Plugin Updates link to download and install updated plugins. Test Environment Amigopod Virtual Appliance running on VMWare Fusion - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 6
AAA Profile aaa profile "amigopod-aaa" authentication-mac "amigopod-mac" mac-default-role "authenticated" mac-server-group "amigopod-srv" radius-accounting "amigopod-srv" rfc-3576-server "172.16.0.20" Captive Portal Profile aaa authentication captive-portal "amigopod-cp" server-group "amigopod-srv - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 7
aaa-profile "amigopod-aaa" ssid-profile "MAC-Auth-CP" SSID Profile wlan ssid-profile "MAC-Auth-CP" essid "amigo-MAC-CP" Amigopod |Technical Note Auto Create MAC Account|7 - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 8
new RADIUS role to hold the logic for the automatic creation of the MAC account. This role can contain any standard RADIUS or Aruba specific attributes that make sense MAC- Guest. Figure 1. Sample RADIUS Role for MAC authenticated devices. 8| Auto Create MAC Account Amigopod |Technical Note - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 9
role_id 5) as this will be required for the next step and will be referenced in the condition expression configured to automatically create the MAC authentication account. Amigopod |Technical Note Auto Create MAC - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 10
Manager interface or potentially authenticated via external Authentication server such as Active Directory or LDAP. Nonetheless for the automatic creation of the MAC account to happen, the user account needs to below to or be mapped to this RADIUS role described below. Create new RADIUS Role for MAC - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 11
expression is used within a Null attribute. This conditional expression will call internal Amigopod libraries to create the MAC authentication account based on the received Calling-Station-ID in the RADIUS Authentication Request packet. Attribute: Tmp-String-0 Value: Role creation expression - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 12
Expire on the current day at 5pm. Exclude to match the base $user value. 'modify_expire_time'=>'today 17:00', // Overwrite the account if it already exists. 'auto_update_account'=>1))) // Authentication is via an external server || (empty($user['id']) && NwaCreateUser(array // Required field to act - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 13
authenticated session will be disconnected using RFC3576 and the account will be deleted. This configuration is triggered through the attribute do_expire. For more information on these Guest Manager attributes please refer to the Amigopod Deployment Guide. Amigopod |Technical Note Auto Create MAC - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 14
of the configuration of this Null Attribute. Figure 5. Sample of conditional expression used to create the MAC Authentication account. Now that these two RADIUS roles have been configured the underlying logic is in place to support the authentication and automatic creation of MAC Authentication - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 15
in the local Amigopod Guest Manager database that is assigned to the MAC-Auth RADIUS Role created in the previous section. Create Test Account Navigate to the Guests > Create Account option to quickly create a test account and ensure that the Role selected is MAC-Auth. Figure 6. Sample Create - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 16
as shown in Figure 7. Figure 7. List Accounts view with new test account. Initial Connection Attempt From a test WiFi device, connect to the MAC Auth SSID Thu Apr 7 16:39:00 2011 : Info: Using deprecated naslist file. Support for this will go away soon. Now that RADIUS MAC Authentication has failed, - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 17
server log file are shown below. Thu Apr 7 16:39:32 2011 : Auth: Login OK: [[email protected]] (from client 651 port 0 cli 0026BB0C4275) Thu Apr 7 17:39:03 2011 : Auth: : Info: Using deprecated naslist file. Support for this will go away soon. Amigopod |Technical Note Auto Create MAC Account|17 - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 18
651 port 0 cli 0026BB0C4275) Thu Apr 7 16:39:32 2011 : Auth: Login OK: [[email protected]] (from client 651 port 0 cli 0026BB0C4275) Thu Apr 7 17:39:03 2011 : Thu Apr 7 16:39:00 2011 : Info: Using deprecated naslist file. Support for this will go away soon. This can also be confirmed by navigating to - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 19
by a sponsor within the business or potentially leverage Active Directory integration in the authentication process to verify the existence of a corporate AD account before permitting the registration of the device. An extension to this design would be to leverage a Group Membership with AD to - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 20
the available Skin plugins. If the Blank Skin plugin is not available contact your Aruba representative or channel partner for assistance. 20| Auto Create MAC Account Amigopod |Technical Note - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 21
!$_wpl.browser.is_mobile} {php} header('Location: laptop_detect.php'); {/php} {else} {php} header('Location: aruba_login.php?' . $_SERVER['QUERY_STRING']); {/php} {/if} Amigopod |Technical Note Auto Create MAC Account|21 - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 22
Corp-Secure. Your device details have been logged - do not attempt to connect to this network again. 22| Auto Create MAC Account Amigopod |Technical Note - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 23
-group "amigopod-srv" redirect-pause 3 no logout-popup-window protocol-http login-page "http://172.16.0.20/login_redirect.php" Amigopod |Technical Note Auto Create MAC Account|23 - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 24
Devices It may be desired to limit the number of MAC devices that are created and tied to a single user account. This can be accomplished with a change to the role expression. return ( ($MAX_MAC_ACCOUNTS = 2) && (NwaRadiusLocalServer()->GetUserCount(array( 'sponsor_name' => strtolower(GetAttr('User - Dell PowerConnect W Clearpass 100 Software | Auto Create MAC Auth Account (Authe - Page 25
(array( // sponsor_name is set to the username on create. 'sponsor_name' => strtolower(GetAttr('User-Name')), // delete_time is 0 for valid accounts. 'delete_time' => 0, // Only search for devices. 'mac_auth' => 1) // Check that the returned count is greater than the allowed. ) >= $MAX_MAC_ACCOUNTS
Amigopod
Auto Create MAC Auth Account
(Authentication Based)