Dell PowerConnect W Clearpass 100 Software Implementing Accounting-Based Autho
Dell PowerConnect W Clearpass 100 Software Manual
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell PowerConnect W Clearpass 100 Software manual content summary:
- Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 1
Amigopod Implementing Accounting-Based Authorization - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 2
Source Code Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS. Altering this device (such as painting - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 3
login page ...19 Check landing page...20 Check traffic limit ...20 5 Modifying Accounting-Based Authorization 21 Adjusting the traffic limit ...21 Count only uploaded or downloaded traffic 21 Accounting terminology ...21 Counting only downloaded traffic...21 Amigopod |Technical Note Implementing - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 4
technical note explains how to use accounting-based authorization to build a complete portal for a network service that offers free usage to guests, where guests the Amigopod Deployment Guide. Document Overview The first section of the document explains the concept of accounting-based authorization, - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 5
The next section contains a detailed configuration guide for creating the portal. Step-bystep instructions are provided for creating each page, and you read this document, it is best to consider it as a guide to developing your own understanding of the network design topics covered, and as a basis - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 6
This section provides background information explaining the concepts of authorization and accounting, and how these can interact to provide a restricted network service to guests. Authentication, Authorization and Accounting The Amigopod Visitor Management Appliance is built on the industry standard - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 7
based on the accounting records available to the RADIUS server. By using this process, traffic limits can be applied for guests within a particular time period. The example portal developed in this technical note applies a 200 MB combined limit for guest traffic (upload and download), measured in - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 8
authorization rules above should be defined as part of the role that the visitor accounts are using; in this example, the role is the "Traffic Limited Guest role". Authorization during Accounting-Request Because of the authorization rules applied at login time, if the guest is able to successfully - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 9
, if the NAS does not provide the ability to disconnect the session automatically, the session must be monitored by the RADIUS server using RADIUS Interim Accounting updates sent by the NAS. Once the traffic limit has been reached, the session must be terminated as it is no longer authorized. To do - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 10
again. NAS Requirements Full support for an accounting-based authorization model requires NAS equipment that supports at least one of the two approaches described below: 1. Support for limiting individual sessions by traffic counters. 2. Support for both RADIUS Interim Accounting (RFC 2869) and the - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 11
Accounting-based authorization requires the Amigopod RADIUS Services plugin, version 2.1.30 or later. To verify you have the correct plugin versions installed, navigate to Administrator> Plugin Manager>Manage Plugins and check the version number in the list. Use the Update Plugins link to download - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 12
is marked as RFC 3576 capable. If the network access server does not provide RFC 3576 support, the Amigopod RADIUS server will not be able to disconnect sessions that are currently in progress. entered to create the page. 12| Implementing Accounting-Based Authorization Amigopod |Technical Note - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 13
the Header HTML text area. Refer to the "Basic HTML syntax" section of the Amigopod Deployment Guide for information about the syntax of HTML. Most document text can be easily converted to basic HTML remaining traffic quota. Amigopod |Technical Note Implementing Accounting-Based Authorization |13 - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 14
code is used to display information about the guest's current usage, a message about the service, and a link to the guest's home page. {* This is the actual message displayed {/nwa_icontext} 14| Implementing Accounting-Based Authorization Amigopod |Technical Note - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 15
follow these tips: Do not use file-sharing or peer-to-peer services like BitTorrent Avoid downloading large files Limit your use of video sharing sites like YouTube to home page *} Amigopod |Technical Note Implementing Accounting-Based Authorization |15 - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 16
evaluates to a URL consisting of the current hostname and the traffic_stats page, which was created previously. If you are using HTTPS for guest 16| Implementing Accounting-Based Authorization Amigopod |Technical Note - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 17
may be invalid, or you may have exceeded your daily download limit. {/nwa_icontext} {/if} The above example is suitable redirection URL generated by the NAS equipment. Contact Amigopod support if you require additional assistance. 10. The other text Implementing Accounting-Based Authorization |17 - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 18
this technical note does not cover guest account provisioning. For details on sponsored account creation, guest self-registration or guest purchased access, refer to the appropriate section in the Amigopod Deployment Guide. 18| Implementing Accounting-Based Authorization Amigopod |Technical Note - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 19
4 Verifying Accounting-Based Authorization Check NAS captive portal settings Connect to the guest network, and open a web browser. Ensure that the NAS captive portal takes effect, and redirects your web browser to the login page. Troubleshooting tips: If these steps are unsuccessful, check your NAS - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 20
-date view of session statistics on the landing page). Verify that the interim accounting update is reflected in both the Active Sessions list, and on the guest's as well as a message related to the session disconnection. Troubleshooting tips: If the session is not disconnected, check the following - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 21
you must reverse the definition of "input" and "output". If in doubt, perform a large download from a client connected to the NAS in question, and check the accounting statistics - if the "Session Download" is the larger number, then the normal convention applies, and "input" is "upload". Otherwise - Dell PowerConnect W Clearpass 100 Software | Implementing Accounting-Based Autho - Page 22
" to_time="now" in_out="out" _assign=traffic_used} As above, the in_out parameter may be set to "in", "out" or "in_out" to include both directions. 22| Implementing Accounting-Based Authorization Amigopod |Technical Note
Amigopod
Implementing Accounting-Based
Authorization