Dell W-Clearpass 100 Networking Solution Bluesocket Integration Guide PDF

1 of 34
1 of 34

Summary of Content for Dell W-Clearpass 100 Networking Solution Bluesocket Integration Guide PDF

Bluesocket Integration Guide

Revision 1.0 13 August 2009

United States of America

+1 (888) 590-0882

Europe, Middle East & Asia

+34 91 766 57 22

Australia & Pacific

+61 2 8669 1140 http://www.amigopod.com

Copyright 2009 amigopod. All rights reserved.

CONFIDENTIAL 2

Table of Contents

Contents

Introduction ................................................................................................................................ 3

Test Environment ................................................................................................................... 4

Integration .............................................................................................................................. 5

Bluesocket Configuration ....................................................................................................... 6

Step 1 Create New Wired and/or Wireless VLAN (Optional) ................................................ 6

Step 2 Create RADIUS Accounting Server .......................................................................... 7

Step 3 Create RADIUS Authentication Server ..................................................................... 8

Step 4 Create Custom Web Login page .............................................................................10

Step 5 Selecting the Custom User Login for Managed Interface ........................................13

Step 6 Configure the Un-Registered Role ..........................................................................14

Amigopod Configuration ............................................................................................................15

Step1 Create RADIUS NAS for Bluesocket ........................................................................15

Step 2 Restart RADIUS Services .......................................................................................16

Step 3 Configure Bluesocket Web Logins Page on Amigopod ...........................................17

Step 4 Confirm External Captive Portal URL ......................................................................19

Step 5 Create a User account ............................................................................................27

Testing the Configuration ..........................................................................................................28

Step 1 Test the RADIUS Authentication Server on the BlueSecure ....................................28

Step 2 - Connect to the Amigopod wired or wireless network ................................................29

Step 3 Confirm DHCP IP Address received ........................................................................30

Step 4 Launch Web Browser and login ..............................................................................32

Step 5 Confirm RADIUS debug messages on amigopod ....................................................34

CONFIDENTIAL 3

Introduction

This document outlines the configuration process on both the Bluesockets BlueSecure wireless controller and the Amigopod appliance to create a fully integrated Visitor Management solution. The solution leverages the captive portal functionality built into the Bluesocket software image. The Captive portal functionality allows a wireless client to authenticate using a web-based portal. Captive portals are typically used in public access wireless hotspots or for hotel in-room Internet access. After a client associates to the wireless network, their device is assigned an IP address. The client must start a web browser and pass an authentication check before access to the network is granted. Captive portal authentication is the simplest form of authentication to use and requires no software installation or configuration on the client. The username/password exchange is encrypted using standard SSL encryption. However, portal authentication does not provide any form of encryption beyond the authentication process; to ensure privacy of client data, some form of link-layer encryption (such as WEP or WPA-PSK) should be used when sensitive data will be sent over the wireless network. Amigopod extends the standard Bluesocket captive portal functionality by providing many advanced features such as a fully branded user interface, SMS integration for delivery of receipts, bulk upload of visitors for conference management, self provisioning of users for public space environments to name a few.

CONFIDENTIAL 4

Test Environment

The test environment referenced throughout this integration guide is based on BSC-1200 controller. Although BSC-1200 is only one of its many hardware platform, the testing and therefore this procedure is valid for all hardware variants from Bluesocket in its BlueSecure Controller platform. The following table shows the software versions used during the integration testing. This document will be updated in the future if changes in either Amigopod or Bluesocket subsequent releases affect the stability of this integration. It is advised that the customer always check for the latest integration guide available from either Amigopod or Bluesocket.

Amigopod Configuration The following table reviews the IP Addressing used in the test environment but this would be replaced with the site specific details of each customer deployment: Dated Tested: July 2009 Amigopod Version: Kernel2.0, Radius Services 2.0 Plugins Required: Standard build only Bluesocket Version: 6.4 Integration: HTTP Captive Portal

Bluesocket Configuration The following table reviews the IP Addressing used in the test environment but this would be replaced with the site specific details of each customer deployment: Bluesocket IP Address 192.168.160.118 (Protected Interface) Internet Gateway Address 192.168.160.1 Amigopod IP Address 192.168.160.5 Amigopod RADIUS port Auth 1812 Acc 1813 (default settings) Note: Amigopod VMA LAN interface and the Bluesocket controllers Protected Interface were placed into the same subnet.

CONFIDENTIAL 5

Integration

Although the Bluesocket supports both internal and external captive portal functionality, this integration guide will focus on the later as the internal captive portal dictates the use of the internal login page resident on the controller itself. The login page is very basic and doesnt allow for significant customization as is possible with the Amigopod Web Logins feature. Note: Bluesocket does allow for fully customized captive portal pages but this process requires a significant amount of web design experience to produce a professional result. One of amigopods strongest selling points is the Skin Plugin technology where the presentation of the user interface is separated from the mechanics of the underlying application. This allows Amigopod to supply end users with a ready branded Skin for all Amigopod interaction (both Visitor and Administrators) for a small nominal fee at time of purchase. The integration will also leverage the Bluesockets ability to define and reference external RADIUS servers for the authentication and accounting of visitor accounts. In the standalone Bluesocket Guest provisioning solution the local database in each controller is used to store user credentials, limiting the solution to the scope of the local deployment. With the introduction of amigopod, all visitor accounts are created, authenticated and accounted for on the Amigopod internal RADIUS Server.

CONFIDENTIAL 6

Bluesocket Configuration

Step 1 Create New Wired and/or Wireless VLAN (Optional)

A new VLAN can to be created to bind to the new Wireless LAN that will be used for the guest users. From the ControllerInterfaces screen, click on the create button and enter the new VLAN ID and name you wish to use and then click the save button. Note: This is creation of a Managed-side VLAN interface. This step is considered optional as depending on the complexity of the site deployment, the administrator may simply decide associated the new Wireless LAN with the default Management interface and all wireless traffic will be forwarded onto this LAN. The network design of each site will dictate whether a new VLAN is required for separation of traffic. Please refer to the BSC administration guide for detailed steps in creating managed-side VLAN interface.

Click the Save button to save the changes.

CONFIDENTIAL 7

Step 2 Create RADIUS Accounting Server

In order for the Bluesocket to successfully send accounting data associated with traffic being generated by the guest users, accounting server must be created on the controller. From the User AuthenticationAccounting ServersCreateExternal RADIUS Accounting Server menu option in the top right corner, please create a new accounting server. Enter the IP Address of your Amigopod deployment in the Server Address field. This can be found on the console of the booted Amigopod software. There is no need to change the default RADIUS Port Number as this is the default port used by amigopod.

Enter and make note of the Shared Secret used for authenticating the controller to the Amigopod RADIUS server as this will be required during the configuration of the Amigopod software. Click the Save button to save the changes.

CONFIDENTIAL 8

Step 3 Create RADIUS Authentication Server

In order for the Bluesocket to successfully authenticate the guest users that will be provisioned on the Amigopod system, a RADIUS definition needs to be defined on the BlueSecure controller. From the User AuthenticationAuthentication ServersCreateExternal Radius Authentication menu option in the top right corner, please create a new RADIUS authentication server. Enter the IP Address of your Amigopod deployment in the Server IP Address field. This can be found on the console of the booted Amigopod software. There is no need to change the default RADIUS Port Number as this is the default port used by amigopod. Enter and make note of the NAS Identifier and Shared Secret used for authenticating the controller to the Amigopod RADIUS server as this will be required during the configuration of the Amigopod software. Also, make sure that the Enable Server check box is selected so that this RADIUS definition can be used to authenticate the Visitor transiting through the BlueSecure Controller. Please select the accounting server created in step 2 of this document. Completing the Mapping RADIUS Attribute to roles or selection of Default role is required to complete this Bluesocket form. Click the Save button to save the changes.

CONFIDENTIAL 9

CONFIDENTIAL 10

Step 4 Create Custom Web Login page

Although the default web login page on the BlueSecure controller can be used, this integration document will show steps required in creation of a new web login page. From the Web Logins Login ScreensCreateLogin Screen menu option, create a new login form. Please fill in the name field and the default setting is perfectly acceptable for rest of the form. Please refer to the Bluesocket administration guide for details of completing this form. Please note that I have unchecked the Allow guest logins, as it is not needed and it presents a possible security hole.

Click the Save button to save the changes.

CONFIDENTIAL 11

From the Web Logins Login Screens menu option, edit (click on the pencil) the newly created login form.

Click on the Redirection menu option and please fill in the Base URL field and please refer to the Bluesocket administration guide for details of completing rest of this form. Base URL: https://192.168.160.5/weblogin.php/2. Please refer to Step 4 of this integration guide under Amigopod configuration for details of the Base URL. Note: Use of http://192.168.160.5/weblogin.php/2 is an option as Amigopod will accept both URLs. However, https is preferable for security reasons.

CONFIDENTIAL 12

Click the Save button to save the changes. Following is a screenshot of an optional Self Registration setup. This step is identical to the above steps in creating a web login page on the BlueSecure controller. The only difference is the Base URL. Base UR: Https://192.168.160.5/guest_register_1.php. Please refer to Step 4 of this integration guide under Amigopod configuration for details of the Base URL. Note: Use of Http://192.168.160.5/ guest_register_1.php is an option as Amigopod will accept both URLs. However, Https is preferable for security reasons.

Click the Save button to save the changes.

CONFIDENTIAL 13

Step 5 Selecting the Custom User Login for Managed Interface

Newly created Web Login screen must be selected under the Managed Interface. This integration guide uses the physical Managed Interface as its interface for the guest subnet. If VLAN interface is used, then the proper VLAN interface must be selected for this step. Note: If the Default login screen is used, then this step can be skipped. Note: If VLAN Managed interface is in use (an optional step unique to each customers environment), then this step must be for such VLAN Managed interface. From the Network Managed menu option, scroll down the bottom to the Display section of the form. Under Custom User Login pull down menu, select the newly created login form.

Click the Save button to save the changes.

CONFIDENTIAL 14

Step 6 Configure the Un-Registered Role

NOTE: Only follow this step if the initial step of redirection to the Amigopods login screen is unreachable. Step 5 Creation of Customer Login Screen is supposed to dynamically open the un-registered role to the specified base URL. However, during creation and testing of this document, it was found that manual edit of the un-registered role was required. From the User Roles Roles tab the BlueSecure controller, edit the Un-registered roles policies to include Service type of HTTPS. Though many options are available, Action of Allow, Service of HTTPS, Direction of Outgoing, Destination to Amigopod Schedule of Any & User Location of Any is recommended. Note: Creation of Amigopod destination (Amigopod LAN interfaces IP address) is a required step. Please refer to the Bluesocket Administration Guide for details in creating destination.

Click the Save button to save the changes.

CONFIDENTIAL 15

Amigopod Configuration

Step1 Create RADIUS NAS for Bluesocket

In order for the Bluesocket to authenticate users it needs to be able to communicate with the Amigopod RADIUS instance. Back in Step 2 of the Bluesocket configuration, a RADIUS server definition was defined. This step configures the Amigopod NAS definition for the Bluesocket. The RADIUS key used in Step 2 needs to be configured exactly the same here for the RADIUS transactions to be successful. From the RADIUS ServicesNetwork Access Servers screen click on the Create button to add a new NAS device. Enter the IP Address of the Bluesocket, select the NAS Type as Bluesocket and enter the key from Step 2 in the Shared Secret field.

Click the Create NAS button to commit the change to the RADIUS database.

CONFIDENTIAL 16

Step 2 Restart RADIUS Services

A restart of the RADIUS Service is required for the new NAS configuration to take affect. Click the Restart RADIUS Server button shown below and wait a few moments for the process to complete.

CONFIDENTIAL 17

Step 3 Configure Bluesocket Web Logins Page on Amigopod

By default the Amigopod comes pre-configured with Web Login templates (RADIUS Services Web Logins) for all the major wireless manufactures. The Bluesocket template can be modified to suit the local deployment by adding custom HTML code or defined a unique Amigopod skin for each captive portal page hosted by the Amigopod install as shown below: From the RADIUS ServicesWeb Logins page select the Bluesocket Login entry and Click the Edit button.

CONFIDENTIAL 18

From the RADIUS Web Login page select the Skin that you would like presented as the branding for the Captive Portal page.

Modify the sample HTML in the Header HTML, Footer HTML and Login Message section to customize for your local environment. Click the Save Changes button to commit the changes.

CONFIDENTIAL 19

Step 4 Confirm External Captive Portal URL

The URL that needs to be configured in the Bluesocket External Captive Portal section covered in Step 4 of Bluesocket configuration can be confirmed by clicking on the test button shown on the screen below under the RADIUS Services Web Logins screen:

Click on the Test button

CONFIDENTIAL 20

A Test page will be presented and the URL can be copied from the address bar:

Note: Make note of the URL presented in the web browser after the Test button has been clicked. This URL will be required in the configuration of the captive portal settings on the Bluesocket, Step 4 of Bluesocket configuration. An example of the URL is shown below:

http://192.168.160.5/weblogin.php/2

https://192.168.160.5/weblogin.php/2

Please not that Https is recommended for security reason.

CONFIDENTIAL 21

Guest Self-Registration is also an option. Following are steps in setting up the Amigopod for Guest Self-Registration.

Under the Guest ManagerCustomizationGuest Self Registration screen, open the built-in Guest Self-Registration option and select the Duplicate.

Click to Edit

CONFIDENTIAL 22

Click the Edit under the newly created Guest Self-Registration to edit.

CONFIDENTIAL 23

Click on the Master Enable and check the Enable guest self-registration option.

Note: When using the duplicate feature, the name of the newly create login will be Copy of XXX. It is preferable (not required) to rename the field to meet your naming convention.

Click Save Changes to save configuration.

CONFIDENTIAL 24

Click on the NAS Vendor Settings and check the Enable automatic guest login to a Network Access Server. Then, Select Bluesocket under Vendor Settings pull down menu and type in the IP address of the BlueSecure controller.

Click Save Changes to save configuration.

CONFIDENTIAL 25

The URL that needs to be configured in the Bluesocket External Captive Portal section covered in Step 4 of Bluesocket configuration can be confirmed by clicking on the Launch this guest registration page from the main Customize Guest Self-Registration page.

Click on this link to open the self-registration page

CONFIDENTIAL 26

A Test page will be presented and the URL can be copied from the address bar:

Note: Make note of the URL presented in the web browser after the Test button has been clicked. This URL will be required in the configuration of the captive portal settings on the Bluesocket, Step 4 of Bluesocket configuration. An example of the URL is shown below:

http://192.168.160.5/guest_register_1.php

https://192.168.160.5/guest_register_1.php

Please not that Https is recommended for security reason.

CONFIDENTIAL 27

Step 5 Create a User account

Within the Amigopod RADIUS Server a test user account can be created using the Amigopod Guest Manager. From the Guest Manager menu, select the Create New Guest Account option. Enter the test user details as detailed on the form below and click the Create Account button to save the new test user account.

Note: Make note of the randomly generated Visitor Password as this will be required during the integration testing. If this password is proving difficult to remember during testing you can use the List guest accounts option on the screen to then edit the account and change the password to a more user friendly string.

CONFIDENTIAL 28

Testing the Configuration

Now that the configuration of both the Bluesocket and the Amigopod solution is complete, the following steps can be followed to verify the setup.

Step 1 Test the RADIUS Authentication Server on the BlueSecure

Using the Authentication Test feature, BlueSecure controller can test the validity of the RADIUS Server configuration and connectivity. From the User AuthenticationAuthentication ServersAuthentication Test menu option, please test the newly created RADIUS authentication server. Enter the User name and Password of a user account on the Amigopods RADIUS DB to tests. Please select the proper external server (RADIUS Server created in Step 2) to test.

Click the Submit button to test the authentication server configuration.

CONFIDENTIAL 29

Step 2 - Connect to the Amigopod wired or wireless network

Using a test laptop, connect to the wired or wireless network. The screen capture below is an example that shows the interface used on a Windows XP SP2 based laptop. Although the process differs from laptop to laptop depending on the wired and wireless card drivers installed and different operating systems in use, the basic premise of connecting to the unsecured Guest network should be fundamentally the same. Refer to your laptop manufacturers documentation on the procedure for connecting to wireless networks if you experience basic connectivity.

CONFIDENTIAL 30

Step 3 Confirm DHCP IP Address received

Using the Windows Command Prompt or equivalent in the chosen operating system, confirm that a valid IP Address has been received from the DHCP server defined on the Bluesocket. Issue the ipconfig command from the Windows Command Prompt to display the IP information received from the DHCP process. As seen from example below, the Wireless adaptor an IP Address of 192.168.10.253 has been received.

Note: On Mac OS X and Linux operating system variants use a Terminal window and enter the ifconfig command to display the same information.

CONFIDENTIAL 31

Following is a screenshot of the Bluesecure controllers Active Connections list after the client connects and receives an IP address.

CONFIDENTIAL 32

Step 4 Launch Web Browser and login

When the web browser on the test laptop is launched the Bluesocket will automatically capture the session and redirect the user to the Amigopod hosted login page as shown below:

Enter the test user details entered and recorded in Step 5 of the Amigopod configuration procedure and click the Login button. At this point the test user should be successfully authenticated and allowed to transit through the controller and onto the Internet or Corporate network. Note: If the web browser fails to redirect check that the DNS server configured in the DHCP Server defined in the Bluesocket is available and successfully resolving domain names. Without name resolution working the web browser will never attempt to connect to the website defined in web browser home page and therefore there is no session for the Bluesocket to redirect. Other situations that can cause issues with the captive portal include but are not limited to:

Web browser home page set to intranet site not available in current DNS Proxy Server configuration in browser using non standard HTTP ports

CONFIDENTIAL 33

Following is a screenshot of the Bluesecure controllers Active Connections list after the client has successfully completed the login process.

CONFIDENTIAL 34

Step 5 Confirm RADIUS debug messages on amigopod

Once the test laptop has successfully authenticated and now able to browse the Internet, an entry should appear in the RADIUS logs confirming the positive authentication of the test user in this example, test@acme.com. Select the RADIUS ServicesServer Control menu option and the following screen should be displayed showing the status of the RADIUS server and a tail of the log file, including an entry for the positive au

Manualsnet FAQs

If you want to find out how the W-ClearPass Dell works, you can view and download the Dell W-Clearpass 100 Networking Solution Bluesocket Integration Guide on the Manualsnet website.

Yes, we have the Bluesocket Integration Guide for Dell W-ClearPass as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.

The Bluesocket Integration Guide should include all the details that are needed to use a Dell W-ClearPass. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.

The best way to navigate the Dell W-Clearpass 100 Networking Solution Bluesocket Integration Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.

This Dell W-Clearpass 100 Networking Solution Bluesocket Integration Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.

You can download Dell W-Clearpass 100 Networking Solution Bluesocket Integration Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.

To be able to print Dell W-Clearpass 100 Networking Solution Bluesocket Integration Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell W-Clearpass 100 Networking Solution Bluesocket Integration Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.