Dell PowerConnect W Clearpass 100 Software HP ProCurve MSM Integration Guide
Dell PowerConnect W Clearpass 100 Software Manual
 |
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerConnect W Clearpass 100 Software manual content summary:
- Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 1
HP ProCurve MSM Integration Guide Revision 0.9 Date 22 August 2009 Copyright © 2007 amigopod Pty Ltd amigopod Head Office amigopod Pty Ltd Suite 101 349 Pacific Hwy North Sydney, NSW 2060 Australia ABN 74 124 753 420 Web www.amigopod.com Phone +61 2 8669 1140 Fax +61 7 3009 0329 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 2
...3 Test Environment...4 Integration ...5 Amigopod Configuration ...6 Step 1 - Create RADIUS NAS for HP ProCurve Controller 7 Step 2 - Restart RADIUS Services 8 Modify default user session limits 29 Testing the Configuration...31 Step 1 - Create a test user account 31 Step 2 - Connect to the - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 3
the simplest form of authentication to use and requires no software installation or configuration on the client. The username/password exchange . The following table outlines the HP ProCurve MSM appliances that have been tested with the amigopod solution by either a partner or the vendor directly. - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 4
that the customer always check for the latest integration guide available from either amigopod or Trapeze. Date Tested: AmigoPod Version: Plugins Required: MSM Version: Integration: August 2009 Kernel2.0, Radius Services 2.0.1 Standard build only 5.2.6.2-01-7148 HTTP Captive Portal Amigopod - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 5
the HP ProCurve MSM710 supports both internal and external Captive portal functionality, this integration guide will focus on the later and reference external RADIUS servers for the authentication and accounting of visitor accounts. In the standalone HP ProCurve Guest provisioning solution the - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 6
assumes that the amigopod software or appliance has been powered up and a basic IP configuration has been applied through the setup wizard to allow the administrator to access the Web User Interface. The following table again reviews the IP Addressing used in the test environment but this would - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 7
required in the first step of the HP ProCurve configuration. From the RADIUS ServicesNetwork Access Servers screen click on the Create button to add a new the HP ProCurve Controller, set the NAS Type as Colubris/HP (RFC 3576 Support) and enter the key of wireless in the Shared Secret field. Click - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 8
Step 2 - Restart RADIUS Services A restart of the RADIUS Service is required for the new NAS configuration to take effect. Click the Restart RADIUS Server button shown below and wait a few moments for the process to complete. CONFIDENTIAL 8 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 9
Step 3 - Create a Web-Login Page From the RADIUS ServicesWeb Logins page select the Create New Web Login page option at the bottom of the page. From the RADIUS Web Login page enter a name - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 10
be modified. These settings can be reviewed in the MSM configuration under Service ControllerPublic AccessAccess Control. The defaults are shown below in the protected by a https session. On the other hand if you are running a Free Hotspot this may not be as much of a concern. Make sure you select - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 11
Web Logins page, select the HP ProCurve MSM Login entry and Click the Test button and in a new window the configured captive portal page will be displayed Note: Make note of the URL presented in the web browser after the Test button has been clicked. This URL will be required in the configuration of - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 12
the Getting Started Chapter of the HP ProCurve Admin Guide. The following table again reviews the IP Addressing used in the test environment but this would be replaced with the site , the MSM NAT settings can be found under Service ControllerNetworkInternet Port as shown below: CONFIDENTIAL 12 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 13
you intend to run your network in a routed environment you will either need to update your routing tables on the default gateway router that is servicing the network the Internet port of the MSM is connected to and / or add a static route to the amigopod configuration. To add a static route to - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 14
Click on the Routes option and add in the details for your IP address range allocated to the LAN port on the MSM as shown below: CONFIDENTIAL 14 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 15
port to provide IP addresses to both the MAP-320 and any wired clients connected to this interface of the MSM710. This is configured under Service ControllerNetworksAddress Allocation as shown in the following screen shot: CONFIDENTIAL 15 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 16
providing Access Control in pure wired environments. The many different methods of configuring the Controlled APs, AP Groups, Virtual Service Community (VSC) is covered extensively in the HP ProCurve Admin Guide in Chapters 4 & 5 and is therefore considered outside of the scope of this Integration - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 17
the Service ControllerSecurityRADIUS Profiles screen click the Add New Profile ... button. In the following screen be sure to enter and confirm the following details: • Enter a descriptive name for the Profile Name • Confirm the default setting of 1812 & 1813 for the Authentication & Accounting - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 18
Step 4 - DNS Proxy & Interception configuration In order for the MSM to be able to intercept and redirect any new Guest users to the amigopod hosted Web Login page, the controller must get involved in the DNS resolution process of these users. The MSM DNS configuration allows the definition of - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 19
Internet. As shown in the screen capture below a simple Default Route has been added to MSM config by accessing the IP Routes configuration page under Service ControllerNetwork. CONFIDENTIAL 19 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 20
collection of configuration settings that define key operating characteristics of the service controller and controlled APs. In most cases. A VSC is pane of the Management Tool by clicking on the + sign next to the Service Controller option. You will then be able to see the default VSC available on - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 21
options of both Authentication & Access Control need to be enabled to support the HTML based authentication required for Guest Access. For more information on both of these options please refer to the HP ProCurve Admin Guide Chapter 5 on VSCs. VSC Access Control Configuration Under the Access - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 22
wireless specific settings can be modified to suit your deployment. For our simple test environment we will only be modifying the SSID to be amigopod. All to not enable any of the Wireless Protection features in the test environment. Again depending on your environment and wireless design this may - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 23
option must be set to Remote and configured to point as the RADIUS entry created in the previous step above. Also the RADIUS Accounting option must also be configured to point at the amigopod RADIUS definition created previously as shown below: All remaining VSC configuration options can - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 24
Step 7 - Public Access Configuration Returning to the Service Controller configuration section of the Management Tool, select Step 3 of the amigopod configuration. Please refer to the HP ProCurve Network Access Guide for more information on the Client Options & NOC authentication features to see if - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 25
being configured manually directly on this screen or be dynamically provisioned via RADIUS in a larger centralized management configuration. For the simplicity of the test environment we will configure the attributes locally through this configuration page but an example of the RADIUS account that - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 26
page we defined in Step 4 of the amigopod configuration above. For reference the URL we defined in the previous configuration of this integration guide was: http://10.0.20.60/procurve_login.php From the Public AccessAttributes configuration page click on the Add New Attribute ... button and select - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 27
permit HTTP traffic to the amigopod. In this example we have used captiveportal as the name for the Access List. Optionally we have added support for HTTPS in event that we might want to configure secure login pages to protect username and password credentials or potentially credit card details in - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 28
Finally now that we have created the Access List we need to apply it so it takes affect on the Public Access interface. CONFIDENTIAL 28 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 29
default user session limits Again referencing the HP ProCurve Network Access Guide you may also want to set some default constraints around your Guest on the amigopod based on the returned RADIUS attributes defined in RADIUS ServicesUser Roles. Below are some examples of attributes that can control - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 30
Once all of these changes have been completed you should be left with an Attributes page looking something like the following one. Click the Save button for these changes to be committed to the Public Access configuration. CONFIDENTIAL 30 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 31
and the amigopod solution is complete, the following steps can be followed to verify the setup. Step 1 - Create a test user account Within the amigopod RADIUS Server a test user account can be created using the amigopod Guest Manager. From the Guest Manager menu, select the Create New Guest - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 32
networks if you experience basic connectivity. Note: If the amigopod wireless network is not visible from the test laptop, double check the configuration of the HP ProCurve Controller and potentially source a second wireless test device to see if the problem is laptop specific. CONFIDENTIAL 32 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 33
Step 2 - Confirm DHCP IP Address received Using the Windows Command Prompt or equivalent in the chosen operating system, confirm that a valid IP Address has been received from the DHCP server configured on the HP ProCurve Controller. Issue the ipconfig command from the Windows Command Prompt to - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 34
By clicking on the entry for Wireless Clients on the screen shown above you will be presented with a more detailed view of the wireless client's statistics along with the IP address allocated via DHCP. CONFIDENTIAL 34 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 35
page as shown below (which was defined in the Public Access LOGIN-URL) Enter the test user details entered and recorded in Step 1 above and click the Login button. At this point the test user should be successfully authenticated and allowed to transit through the controller and onto the Internet - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 36
Step 5 - Confirm the login successful from MSM From the VSCUser Sessions tab you will be able to monitor the number and details of authenticated Guest access sessions at any given time. From this interface you also have to option to Logout a user from the Action column of the table shown below: - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 37
able to browse the Internet, an entry should appear in the RADIUS logs confirming the positive authentication of the test user - in this example, [email protected]. Select the RADIUS ServicesServer Control menu option and the screen displayed will show the status of the RADIUS server and a tail of - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 38
= 0xe9c9d7c59c932a46d5f4db2a02dfd124 NAS-Identifier = "MSM710" NAS-IP-Address = 10.0.20.25 Framed-MTU = 1496 Connect-Info = "HTTPS" Service-Type = Framed-User Colubris-AVPair = "vsc-name=HP ProCurve" Message-Authenticator = 0x3967060fe0ff01cfc5b0661e2f2c51b4 rlm_chap: Setting 'Auth-Type := CHAP - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 39
roledef ON useraccount.role_id=roledef.id WHERE useraccount.username='[email protected]')) rlm_sql_postgresql: Status: PGRES_COMMAND_OK rlm_sql_postgresql: affected rows = 1 rlm_sql (sql): Released sql socket id: 1 Sending Accounting-Response of id 198 to 10.0.20.25 port 32771 CONFIDENTIAL 39 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 40
Step 7 - Check User Experience After successful login the user web browser should be displayed with a Transport page informing them that they are about to be redirected to their original requested page and also the Session pop-up box should be displayed as shown below: CONFIDENTIAL 40 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 41
an extensive RADIUS dictionary of vendors and includes the full list of supported VSAs from HP ProCurve / Colubris. For more details on the definition VSA attributes please refer to the latest HP ProCurve Network Access Guide. In order to setup up this centrally controlled RADIUS configuration of - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 42
User Role The following screenshot from the amigopod RADIUS Services Users Roles shows how several RADIUS attributes have been Customising the Public Access Interface in their Network Access Guide (Chapter 3). To prove that the RADIUS download of the Public Access configuration worked we wanted to - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 43
screen capture shows our new RADIUS user known as [email protected] and the User Role has been set to MSMConfig as discussed. This account should be configured to never expire if you intend to configure the HP ProCurve to perform regular checks of the RADIUS hosted Public Access configuration - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 44
You will recall from Step 8 of the HP ProCurve configuration that under Service ControllerPublic AccessAttributes is where you can then configure the details of this new RADIUS used that will be used to retrieve the Public - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 45
Test Result After making these changes and getting the Test laptop to login again via the Web Login interface we were presented with the following session and logout pages as expected: CONFIDENTIAL 45 - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 46
RADIUS debug successfully shows the Public Access account authentication to the amigopod RADIUS engine and retrieving the 4 new Public Access attributes 25 Framed-MTU = 1496 Connect-Info = "HTTPS" Service-Type = Administrative-User Message-Authenticator = 0xbe139e880c7e2bfa2a0c2a885211ed4a rlm_chap: - Dell PowerConnect W Clearpass 100 Software | HP ProCurve MSM Integration Guide - Page 47
rlm_chap: Using clear text password wireless for user [email protected] authentication. rlm_chap: chap user [email protected] authenticated succesfully Exec-Program: /usr/bin/php /opt/amigopod/www/amigopod_request.php 2 15 Exec-Program-Wait: value-pairs: Colubris-AVPair = "logo=http://10.0.
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
 |
 |
HP ProCurve MSM
Integration Guide
Revision
Date
0.9
22 August 2009
Copyright © 2007 amigopod Pty Ltd
amigopod Head Office
amigopod Pty Ltd
Suite 101
349 Pacific Hwy
North Sydney, NSW 2060
Australia
ABN 74 124 753 420
Web
www.amigopod.com
Phone
+61 2 8669 1140
Fax
+61 7 3009 0329