Dell PowerConnect W Clearpass 100 Software Cisco WLC Integration Guide
Dell PowerConnect W Clearpass 100 Software Manual
 |
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerConnect W Clearpass 100 Software manual content summary:
- Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 1
Cisco WLC Integration Guide Revision Ver 0.93b by jhao Date 23 Sept 2011 Copyright © 2011 Aruba Networks, Inc. Aruba Networks HQ Aruba Networks Headquarters 1344 Crossman Ave Sunnyvale, CA 94089-1113 United States of America Web www.arubanetworks.com Phone 1-866-WIFI-LAN - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 2
Step1 - Create RADIUS NAS for Cisco WLC 18 Step 2 - Restart RADIUS Services 19 Step 3 - Configure Cisco Web Login Page 20 Step 4 - Confirm External Captive Portal URL 22 Step 5 - Create a test user account 23 Testing the Configuration ...25 Step 1 - Connect to the Amigopod wireless network 25 - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 3
no software Test Environment The test environment referenced throughout this integration guide guide is valid for any solution based on the Airespace technology. Other Cisco wireless reference designs such as Autonomous IOS Access Points and the preceding WLSM architecture do not natively support - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 4
that the customer always check for the latest integration guide available from either Amigopod or Cisco. Dated Tested: Amigopod Version: Plugins Required: Cisco WLC Version: Integration: September 2011 Kernel3.3.5, Radius Services 3.3.1 Standard build 4.2.209.0 HTTP Captive Portal An Amigopod - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 5
Although the Cisco WLC supports both internal and external Captive portal functionality, this integration guide will focus on the latter guide will also leverage the Cisco WLC's ability to define and reference external RADIUS servers for the authentication and accounting of visitor accounts - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 6
10.51.1.234 10.51.0.1 10.162.110.13 Auth 1812 Acc 1813 (default settings) 10.51.0.10 10.51.1.1-128 Note: In this particular guide, we use the management interface as our WLAN interface. In an actual deployment, oftentimes you'll find a specific interface/VLAN created and designated for use - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 7
Step 1 - Create New VLAN (Optional) A new vlan can to be created to bind to the new Wireless LAN that will be used for the Visitor users. From the ControllerInterfaces screen, click on the Add button and enter the new VLAN ID and name you wish to use and then click the Apply button. This step is - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 8
Step 2 - Add IP Addressing to VLAN (Optional) Now the VLAN has been created, an IP address needs to be assigned to the VLAN interface on the controller. This IP Address will not act as the default gateway for all wireless traffic on the Visitor SSID - this will be provided by an upstream router - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 9
to the Amigopod RADIUS server as this MUST MATCH the configured Shared Secret that will be input during the configuration of the Amigopod software. IMPORTANT: Please ensure that the Network User check box is selected so that this RADIUS server can be used to authenticate Clients connecting - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 10
configured Shared Secret that will be input during the configuration of the Amigopod software. IMPORTANT: Please ensure that the Network User check box is selected so that this RADIUS server can be used to perform accounting for Clients connecting to the WLC IMPORTANT: Click the Apply button to save - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 11
to without authentication. In this guide, we will configure the minimum recommended defined otherwise you may encounter issues during testing. From the SecurityAccess Control Lists menu enables ICMP in any direction (Optional, good for troubleshooting) Rules 2 and 3 enable DNS communication TO and - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 12
6 - Create the new Wireless LAN A WLAN needs to be defined to service the Guests and in the example below you can see the configured ssid is amigopod_guest button to commit the changes. Note: For the purposes of this guide, the Layer 2 Security settings have been configured with Open authentication - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 13
Step 7 - Configure the General WLAN settings Under the WLANs Edit General settings tab the WLAN can be enabled and disabled and also associated with a specific VLAN. IMPORTANT: This is where you will map the desired VLAN/subnet for the desired guest network to the WLAN. Select the desired VLAN - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 14
policy and are therefore considered outside the scope of this configuration guide. IMPORTANT: Under the Security->Layer 3, critical settings for the Now available in WLC code 4.2.x versions the Over-ride global config is now supported on a per SSID basis. In the example we will configure the Web - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 15
the AAA WLAN settings Under the Security->AAA Servers tab the desired RADIUS authentication and accounting servers need to be selected. These fields refer back to the RADIUS authentication and Accounting servers that were previously created in Step 3 and Step 4 (RADIUS Authentication and RADIUS - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 16
is critical for the Amigopod to be able to send an override to the Cisco WLC to terminate the user session based on the desired account lifetime in the Amigopod user interface. IMPORTANT: Without AAA Override enabled you will not be able to disconnect users from the Amigopod user interface - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 17
Configuration The following configuration procedure assumes that the Amigopod software or appliance has been installed properly and the basic 10 10.51.1.1-128 Please refer to the Amigopod Quick Start Guide for more information on the basic configuration of the Amigopod software. CONFIDENTIAL 17 - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 18
on the Create button to create a new NAS device. Enter the IP Address of the Cisco WLC, select the NAS Type as Cisco Systems (RFC3576 Support) and enter the Shared Secret from Step 3 of the Cisco WLC Configuration into the Shared Secret field. NOTE: You may now opt for Amigopod to - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 19
Step 2 - Restart RADIUS Services IMPORTANT: A restart of the RADIUS Service is required for the new NAS configuration to take affect. Click the Restart RADIUS Server link shown below and wait a few moments for the process to complete. CONFIDENTIAL 19 - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 20
Step 3 - Configure Cisco Web Login Page If you opted for a Web Login (Captive Portal) page to automatically be created for you during Step 1 you should now see it under Customization -> Web Logins. The automatically generated Cisco WLC web login page can be modified to suit the local deployment by - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 21
From the RADIUS Web Login Editor page you may customize your Web Login page and/or select the Skin that you would like presented as the branding for this particular Captive Portal page. IMPORTANT: You should select a page name and make note of it. You will need to return to Step 8 Configure the - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 22
If you did not choose to manually configure a page name then the URL that needs to be configured in the Cisco WLC External Captive Portal section covered in Step 8 Configure the Security WLAN settings of the Cisco WLC Configuration can be determined by clicking on the test button shown on the screen - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 23
Note: If you manually configured the page name in Step 3 Configure Cisco WLC Login Page. You should see the page name you selected in the URL. This URL will be required for configuration of the captive portal settings on the Cisco WLC. CONFIDENTIAL 23 - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 24
. Note: Make note of the randomly generated Visitor Password as this will be required during the integration testing. You may edit this password by going to List Accounts and editing the account and change the password to a more user friendly string. IMPORTANT: The new Guest USERNAME will be their - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 25
you experience an issue connecting to the guest network.. Note: If the amigopod_guest wireless network is not visible from the test laptop, double check the configuration of the Cisco WLC and potentially source a second wireless test device to see if the problem is laptop specific. CONFIDENTIAL 25 - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 26
Step 2 - Confirm DHCP IP Address received Using the Windows Command Prompt or equivalent in the chosen operating system, confirm that a valid IP Address has been received from the DHCP server defined on the Cisco WLC. Issue the ipconfig command from the Windows Command Prompt to display the IP - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 27
as shown below: Enter the test user credentials you noted in Step 5 Create a test user account of the Amigopod configuration instructions and click Login. At this point the test user should be successfully authenticated and allowed onto the network. COMMON TROUBLESHOOTING ISSUES: DNS: If the client - Dell PowerConnect W Clearpass 100 Software | Cisco WLC Integration Guide - Page 28
appear in the RADIUS logs confirming the positive authentication of the test user - in the example: [email protected]. Select the positive authentication transaction. This is a useful tool to remember when troubleshooting user authentication issues. A more advanced debugging tool is also
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
 |
 |
Cisco WLC Integration
Guide
Revision
Date
Ver 0.93b by jhao
23 Sept 2011
Copyright © 2011 Aruba Networks, Inc.
Aruba Networks HQ
Aruba Networks Headquarters
1344 Crossman Ave
Sunnyvale, CA 94089-1113
United States of America
Web
www.arubanetworks.com
Phone
1-866-WIFI-LAN