Dell W-Clearpass 100 Networking Solution Xirrus Array Integration Guide PDF

1 of 20
1 of 20

Summary of Content for Dell W-Clearpass 100 Networking Solution Xirrus Array Integration Guide PDF

Xirrus Array Integration Guide

Revision

Date

0.90 23 April 2010 Copyright 2009 amigopod Pty Ltd

amigopod Headquarters amigopod Pty Ltd Suite 101 349 Pacific Hwy North Sydney, NSW 2060 Australia ABN 74 124 753 421

Web www.amigopod.com

Phone +61 2 8669 1140

Fax +61 7 3009 0329

CONFIDENTIAL 2

Table of Contents Introduction ................................................................................................................................... 3

Test Environment...................................................................................................................... 3 Integration ................................................................................................................................. 5

Xirrus Array Configuration ............................................................................................................ 6 Step 1 Create RADIUS Authentication Server Instance ........................................................ 7 Step 2 Create an SSID and Configure/Enable Web Page Redirect ...................................... 8 Step 3 RADIUS Configuration ............................................................................................... 9

Amigopod Configuration ............................................................................................................. 10 Step1 Create RADIUS NAS for Xirrus Array ....................................................................... 11 Step 2 Restart RADIUS Services ........................................................................................ 12 Step 3 Configure Xirrus Array Web Logins Page ................................................................ 13 Step 3 Confirm External Captive Portal URL....................................................................... 15 Step 3 Create a test user account ....................................................................................... 16

Testing the Configuration............................................................................................................ 17 Step 1 - Connect to the amigopod wireless network .............................................................. 17 Step 2 Confirm DHCP IP Address received ........................................................................ 18 Step 3 Launch Web Browser and login ............................................................................... 19 Step 4 Confirm RADIUS debug messages on amigopod .................................................... 20

CONFIDENTIAL 3

Introduction This document outlines the configuration process on both the Xirrus Array and the amigopod appliance to create a fully integrated Visitor Management solution. The solution leverages the captive portal functionality built into the Xirrus Array software image. The Captive portal functionality allows a wireless client to authenticate using a web-based portal. Captive portals are typically used in public access wireless hotspots or for hotel in-room Internet access. After a client associates to the wireless network, their device is assigned an IP address. The client must start a web browser and pass an authentication check before access to the network is granted. Captive portal authentication is the simplest form of authentication to use and requires no software installation or configuration on the client. The username/password exchange is encrypted using standard SSL encryption. However, portal authentication does not provide any form of encryption beyond the authentication process; to ensure privacy of client data, some form of link-layer encryption (such as WEP or WPA-PSK) should be used when sensitive data will be sent over the wireless network. Amigopod extends the standard Xirrus Array Captive portal functionality by providing many advanced features such as a fully branded user interface, SMS integration for delivery of receipts, bulk upload of visitors for conference management, self provisioning of users for public space environments to name a few.

Test Environment The test environment referenced throughout this integration guide is based on the Xirrus Array. Testing procedure is valid for all hardware variants from Xirrus in its Array family of products.

CONFIDENTIAL 4

The following table shows the software versions used during the integration testing. This document will be updated in the future if changes in either amigopod or Cisco subsequent releases affect the stability of this integration. It is advised that the customer always check for the latest integration guide available from either amigopod or Cisco. Dated Tested: April 2010 AmigoPod Version: Kernel2.1, Radius Services 2.1 Plugins Required: Standard build only Xirrus Array: System Software - 4.0.6 Build 1169

SCD Firmware - 2.21 Build 3157 Boot Loader - 1.0.0 Build 3090 IAP Driver - 1.5.0 Build 2036

Integration: HTTP Captive Portal Amigopod was deployed locally on the LAN interface of the Xirrus Array as a dedicated appliance. Amigopod VMWare image, or virtual appliance solution, can also be used successfully. Xirrus Array IP Address 192.168.1.104 Internet Gateway Address 192.168.1.1 amigopod IP Address 192.168.1.103 amigopod RADIUS port Auth 1812 Acc 1813 (default settings) The following diagram provides a high level overview of the test topology:

CONFIDENTIAL 5

Integration Although the Xirrus Array supports both internal and external Captive portal functionality, this integration guide will focus on the later (external) as the internal Captive portal dictates the use of the internal Login Page resident on the Array itself. The Login page is very basic and doesnt allow for significant customization as is possible with the amigoPod Web Logins feature. Note: Cisco now allow for fully customized Captive portal pages to be uploaded to the Array and managed via templates on the Cisco WCS management platform but this process requires a significant amount of web design experience to produce a professional result. One of amigopods strongest selling points is the Skin Plugin technology where the presentation of the User Interface is separated from the mechanics of the underlying application. This allows amigopod to supply end users with a ready branded Skin for all amigopod interaction (both Visitor and Administrators) for a small nominal fee at time of purchase. The integration will also leverage the Xirrus Arrays ability to define and reference external RADIUS servers for the authentication and accounting of visitor accounts. In the standalone Xirrus Array Guest provisioning solution the local database in each Array is used to store user credentials, limiting the solution to the scope of the local deployment. With the introduction of amigopod, all visitor accounts are created, authenticated and accounted for on the amigopod internal RADIUS Server.

CONFIDENTIAL 6

Xirrus Array Configuration The following configuration procedure assumes that the Xirrus Array has been powered up and a basic IP configuration has been applied through the CLI to allow the administrator to access the Web User Interface. The following table again reviews the IP Addressing used in the test environment but this would be replaced with the site specific details of each customer deployment: Xirrus Array Address 192.168.1.104 Internet Gateway Address 192.168.1.1 amigopod IP Address 192.168.1.105 amigopod RADIUS port Auth 1812 Acc 1813 (default settings) Note: Although the amigopod is communicating with the Xirrus Array via the 192.168.1.x subnet there will be typically several other IP Addresses allocated to the Array on various interface such as the Service Interface, Management Interface. Some of these addresses will be visible in the following screenshots and this note is made to hopefully avoid any confusion among the various addresses on the WLC and that the 192.168.1.x subnet was simply the chosen subnet for the deployment of amigopod in this test environment. Site specific issues will drive this topology in all cases and this configuration is only provided as a guide to the high level configuration steps.

CONFIDENTIAL 7

Step 1 Create RADIUS Authentication Server Instance In order for the Xirrus Array to successfully authenticate the guest users that will be provisioned on the amigopod appliance, a RADIUS Server needs to be enabled on the Array. From the SecurityGlobal Settings menu option, click the External button at the top middle of the screen.

Click the Apply and the Save button (immediately after) to save changes.

CONFIDENTIAL 8

Step 2 Create an SSID and Configure/Enable Web Page Redirect In order for the Xirrus Array to successfully redirect guest users to the web porta hosted by the Amigopod appliance and forward accounting data associated with traffic being generated by guest users, an SSID need to be created and Web Portal Redirect needs to be enabled and configured; along with a RADIUS definition. From the SSIDsSSID Management menu option, edit the existing SSID (default is Xirrus) or create a new one, by typing the name of the SSID and clicking on the Create button. In this example, weve created an SSID called Amigopod.

Note: When the Create button is depressed, the following message will appear; as all

newly created SSIDs are disabled by default.

Enable the WPR feature by clicking in the WPR check box. This will cause the SSID Amigopod Web Page Redirect Configuration section to appear (see illustration on the following page). Enable the external RADIUS function for the SSID by clicking on the External circle. In the Redirect URL field, type in the address, for example; http://192.168.1.103/xirrusweblogin.php. Type in the Redirect Secret after entering in the Redirect URL.

CONFIDENTIAL 9

Click on the Save button (bottom right).

Step 3 RADIUS Configuration To configure the RADUIS Server, uncheck the Global box; the SSID Amigopod RADIUS Configuration section should appear. Click the External circle and click the Accounting box. Enter the IP Address of your Amigopod appliance and the Port Numbers (note, the same IP Address can be used for both the RADIUS and Accounting Servers). Next, enter the Shared Secret, and verify by typing it a second time in the Verify Secret field (do this for both the RADUS and Accounting Servers). Finally, enable the SSID by clicking on the Enable box next to the SSID name.

Apply and Save your configuration by clicking on the Apply and Save button.

CONFIDENTIAL 10

Amigopod Configuration The following configuration procedure assumes that the amigopod software or appliance has been powered up and a basic IP configuration has been applied through the setup wizard to allow the administrator to access the Web User Interface. The following table reviews the IP Addressing used in the test environment but this would be replaced with the site specific details of each customer deployment: Xirrus Array Address 192.168.1.104 Internet Gateway Address 192.168.1.1 amigopod IP Address 192.168.1.103 amigopod RADIUS port Auth 1812 Acc 1813 (default settings) Please refer to the amigopod Quick Start Guide for more information on the basic configuration of the amigopod software.

CONFIDENTIAL 11

Step1 Create RADIUS NAS for Xirrus Array In order for the Xirrus Array to authenticate users it needs to be able to communicate with the amigopod RADIUS instance. Back in Step 3 of the Xirrus Array configuration, a RADIUS server definition was created. This step configures the amigopod NAS definition for the Xirrus Array. The RADIUS key used in Step 3 needs to be configured exactly the same here for the RADIUS transactions to be successful. From the RADIUS ServicesNetwork Access Servers screen click on the Create button to add a new NAS device. Enter the Name and IP Address of the Xirrus Array, leave the NAS Type as Other NAS and enter the key from Step 3 in the Shared Secret field.

Click the Create NAS button to commit the change to the RADIUS database.

CONFIDENTIAL 12

Step 2 Restart RADIUS Services A restart of the RADIUS Service is required for the new NAS configuration to take affect. Click the Restart RADIUS Server button shown below and wait a few moments for the process to complete.

CONFIDENTIAL 13

Step 3 Configure Xirrus Array Web Logins Page By default the amigopod comes pre-configured with Web Login templates (RADIUS Services Web Logins) for all the major wireless manufactures. The Xirrus template can be modified to suit the local deployment by adding custom HTML code or defined a unique amigopod skin for each captive portal page hosted by the amigopod installed; as shown below: From the RADIUS ServicesWeb Logins page select the Xirrus Login entry and Click the Edit button.

Please note the Xirrus Login template assumes the Virtual Interface address is the default setting of 185.0.0.1. The Virtual Interface IP address is used only in communications between the Array and wireless clients. It never appears as the source or destination address of a packet that goes out a distribution system port and onto the switched network. For the system to operate correctly, the virtual interface IP address must be set (it cannot be 0.0.0.0), and no other device on the network can have the same address as the virtual interface. Therefore, the virtual interface must be configured with an unassigned and unused gateway IP address, such as 1.1.1.1. The virtual interface IP address is not pingable and should not exist in any routing table in your network. In addition, the virtual interface cannot be mapped to a backup port.

CONFIDENTIAL 14

From the RADIUS Web Login page select the Skin that you would like presented as the branding for the Captive Portal page.

Modify the sample HTML in the Header HTML, and Login Message section to customize for your local environment. In addition add the following html script to the Footer section:

Click the Save Changes button to commit the changes.

CONFIDENTIAL 15

Step 3 Confirm External Captive Portal URL The URL that needs to be configured in the Xirrus Array External Captive Portal section covered in Step 3 can be confirmed by clicking on the test button shown on the screen below under the RADIUS Services Web Logins screen:

A Test page will be presented and the URL can be copied from the address bar:

CONFIDENTIAL 16

Note: The URL presented in the web browser after the Test button has been clicked will be required in the configuration of the captive portal settings on the Xirrus Array. An example of the URL is shown below:

http://192.1668.1.103/xirrusweblogin.php

Step 4 Create a test user account Within the amigopod RADIUS Server a test user account can be created using the amigopod Guest Manager. From the Guest Manager menu, select the Create New Guest Account option. Enter the test user details as detailed on the form below and click the Create Account button to save the new test user account.

Note: Make note of the randomly generated Visitor Password as this will be required during the integration testing. If this password is proving difficult to remember during testing you can use the List guest accounts option on the screen to then edit the account and change the password to a more user friendly string.

CONFIDENTIAL 17

Testing the Configuration Now that the configuration of both the Xirrus Array and the amigopod appliance is complete, the following steps can be followed to verify the configuration.

Step 1 - Connect to the amigopod wireless network Using a test laptop with a compatible 802.11 based wireless card attempt to connect to the advertised amigopod wireless network. The screen capture below shows the interface used on a Windows XP SP2 based laptop. Although the process differs from laptop to laptop depending on the wireless card drivers installed and different operating systems in use, the basic premise of connecting to the unsecured Guest Wireless network should be fundamentally the same. Refer to your laptop manufacturers documentation on the procedure for connecting to wireless networks if you experience basic connectivity. Note: If the Amigopod wireless network is not visible from the test laptop, double check the configuration of the Xirrus Array and potentially source a second wireless test device to see if the problem is laptop specific.

CONFIDENTIAL 18

Step 2 Confirm DHCP IP Address received Using the Windows Command Prompt or equivalent in the chosen operating system, confirm that a valid IP Address has been received from the DHCP server defined on the Xirrus Array. Issue the ipconfig command from the Windows Command Prompt to display the IP information received from the DHCP process. As illustrated below on the Wireless adapter an IP Address of 192.168.1.101 has been received.

Note: On Mac OS X and Linux operating system variants, use a Terminal window and enter the ifconfig command to display the same information.

CONFIDENTIAL 19

Step 3 Launch Web Browser and login When the web browser on the test laptop is launched the Xirrus Array will automatically capture the session and redirect the user to the amigopod hosted login page as shown below:

Enter the test user details created in Step 3 of the amigopod configuration procedure and click the Login button. At this point the test user should be successfully authenticated and allowed to transit through the Array and onto the Internet or Corporate network. Note: If the web browser fails to redirect check that the DNS server configured in the DHCP Server is available and successfully resolving domain names. Without name resolution working the web browser will never attempt to connect to the website defined in web browser home page and therefore redirection will be unsuccessful. Other situations that can cause issues with the captive portal include but are not limited to:

Web browser home page set to intranet site not available in current DNS Proxy Server configuration in browser using non standard HTTP ports

CONFIDENTIAL 20

Step 4 Confirm RADIUS debug messages on amigopod Once the test laptop has successfully authenticated and now able to browse the Internet, an entry should appear in the RADIUS logs confirming the positive authentication of the test user in this example, jsmith@abc.om Select the RADIUS S

Manualsnet FAQs

If you want to find out how the W-ClearPass Dell works, you can view and download the Dell W-Clearpass 100 Networking Solution Xirrus Array Integration Guide on the Manualsnet website.

Yes, we have the Xirrus Array Integration Guide for Dell W-ClearPass as well as other Dell manuals. All you need to do is to use our search bar and find the user manual that you are looking for.

The Xirrus Array Integration Guide should include all the details that are needed to use a Dell W-ClearPass. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.

The best way to navigate the Dell W-Clearpass 100 Networking Solution Xirrus Array Integration Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.

This Dell W-Clearpass 100 Networking Solution Xirrus Array Integration Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.

You can download Dell W-Clearpass 100 Networking Solution Xirrus Array Integration Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.

To be able to print Dell W-Clearpass 100 Networking Solution Xirrus Array Integration Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Dell W-Clearpass 100 Networking Solution Xirrus Array Integration Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.