Page 1 Dell Networking W- ClearPass Guest 6.0 Deployment Guide...
Page 2 Networks , the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management System Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc. All rights reserved. Specifications in this manual are subject to change without notice.
Page 3: Table Of Contents
Using Standard Guest Management Features Creating a Guest Account Creating a Guest Account Receipt Creating Multiple Guest Accounts Creating Multiple Guest Account Receipts Creating a Single Password for Multiple Accounts Managing Guest Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 4 About SMS Guest Account Receipts Onboard Accessing Onboard About ClearPass Onboard Onboard Deployment Checklist Onboard Feature List Supported Platforms Public Key Infrastructure for Onboard Certificate Hierarchy Certificate Configuration in a Cluster Revoking Unique Device Credentials Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 5 Configuring Provisioning Settings Configuring Basic Provisioning Settings Configuring Certificate Properties for Device Provisioning Configuring Revocation Checks and Authorization Configuring Provisioning Settings for iOS and OS X Configuring Instructions for iOS and OS X Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 6 Duplicating a Field Editing a Field Deleting a Field Displaying Forms that Use a Field Displaying Views that Use a Field Customizing AirGroup Registration Forms Configuring the Shared Locations and Shared Role Fields Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 7 Email Receipt Options About Customizing SMTP Email Receipt Fields Customizing Print Templates Creating New Print Templates Print Template Wizard Modifying Wizard-Generated Templates Setting Print Template Permissions Customize SMS Receipt SMS Receipt Fields Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 8 Configuring the Kernel Plugin Configuring the Dell W-ClearPass Skin Plugin Configuring the SMS Services Plugin SMS Services Viewing SMS Gateways Creating a New SMS Gateway Editing an SMS Gateway Sending an SMS About SMS Credits Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 9 Custom LDAP Translation Processing Operator Logins Configuration Custom Login Message Advanced Operator Login Options Automatic Logout Reference Basic HTML Syntax Standard HTML Styles Smarty Template Syntax Basic Template Syntax Text Substitution Template File Inclusion Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 10 GetCallingStationTime() GetCallingStationTraffic() GetCurrentSession() GetIpAddressCurrentSession() GetIpAddressSessions() GetIpAddressTime() GetIpAddressTraffic() GetSessions() GetSessionTimeRemaining() GetTime() GetTraffic() GetUserActiveSessions() GetUserActiveSessionCount() GetUserCumulativeUsage() GetUserCurrentSession() GetUserFirstLoginTime() GetUserSessions() GetUserTraffic() Advanced Developer Reference nwa_assign nwa_bling nwa_makeid nwa_nav nwa_plugin nwa_privilege nwa_replace nwa_text nwa_userpref 10 | Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 11 Format Picture String Symbols Form Field Validation Functions Form Field Conversion Functions Form Field Display Formatting Functions View Display Expression Technical Reference LDAP Standard Attributes for User Class Regular Expressions Glossary Index Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 11...
Page 12 12 | Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 13: About This Guide
Audience This deployment guide is intended for system administrators and people who are installing and configuring Dell Networking W-ClearPass Guest as their visitor management solution. It describes the installation and configuration process.
Page 14: Contacting Support
CAUTION: Indicates a risk of damage to your hardware or loss of data. WARNING: Indicates a risk of personal injury or death. Contacting Support Web Site Support Main Website dell.com Support Website dell.com/support Documentation Website dell.com/support/manuals 14 | Contacting Support Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 15: Dell Networking W-Clearpass Guest Overview
This chapter explains the terms, concepts, processes, and equipment involved in managing visitor access to a network, and helps you understand how Dell Networking W-ClearPass Guest can be successfully integrated into your network infrastructure. It is intended for network architects, IT administrators, and security consultants who are planning to deploy visitor access, or who are in the early stages of deploying a visitor access solution.
Page 16: Visitor Access Scenarios
Web browser, or sent via SMS or email. Reference Network Diagram The following figure shows the network connections and protocols used by ClearPass Guest. 16 | Visitor Access Scenarios Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 17: Key Interactions
The following figure shows the key interactions between ClearPass Guest and the people and other components involved in providing guest access. Figure 3: Interactions involved in guest access Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Key Interactions | 17...
Page 18: Aaa Framework
In the standard AAA framework, network access is provided to a user according to the following process: The user connects to the network by associating with a local access point [1]. 18 | AAA Framework Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 19: Key Features
Local printer, SMS or email delivery of account receipts Properties" on page 178 Visitor Account Features "Business Logic for Account Independent activation time, expiration time, and maximum usage time Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Key Features | 19...
Page 20: Visitor Management Terminology
Controls the type of access that an authenticated user is permitted to have. Implemented by a Network Access Server to restrict network access to authorized users Captive Portal only. 20 | Visitor Management Terminology Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 21: Clearpass Guest Deployment Process
Who will manage reporting of guest access? What are the reports of interest? Are any custom reports needed? Network Provisioning Deploying ClearPass Guest requires provisioning the following: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide ClearPass Guest Deployment Process | 21...
Page 22: Site Preparation Checklist
Who will be responsible for printing reports? Network Management Policy Password format for guest accounts? Shared secret format? Operator provisioning? Network Provisioning Physical location? Network connectivity? Security infrastructure? 22 | Site Preparation Checklist Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 23: Security Policy Considerations
AirGroup operator: Register personal devices (Optional) Configure device registration form with drop- "Customizing AirGroup Registration Forms " on page 147 down lists for existing locations and roles Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Security Policy Considerations | 23...
Page 24: Documentation And User Assistance
Words may be excluded from the search by typing a minus sign directly before the word to exclude (for example-exclude). Exact phrase matches may also be searched for by enclosing the phrase in double quotes (for example, “word phrase”). 24 | Documentation and User Assistance Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 25: Field Help
Session cookies are temporary cookies that last only for the duration of one user session. When a user registers or logs in via a W-Series captive portal, Dell uses session cookies solely to remember between clicks who a guest or operator is. Dell uses this information in a way that does not identify any user-specific information, and does not make any attempt to find out the identities of those using its W-Series ClearPass products.
Page 26 26 | Use of Cookies Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 27: Guest Manager
Chapter 3 Guest Manager The ability to easily create and manage guest accounts is the primary function of Dell Networking W-ClearPass Guest. The Guest Manager module provides complete control over the user account creation process. Guest Manager features for managing guest accounts let you:...
Page 28: About Guest Management Processes
At the conclusion of the registration process, the guest is automatically redirected to the NAS to log in. The guest can print or download a receipt, or have the receipt information delivered by SMS or email. 28 | About Guest Management Processes Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 29: Using Standard Guest Management Features
To complete the form, first enter the visitor’s details into the Sponsor’s Name, Visitor Name, Company Name and Email Address fields. The visitor’s email address will become their username to log into the network. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Using Standard Guest Management Features | 29...
Page 30: Creating A Guest Account Receipt
To create multiple accounts, go to Guest > Create Multiple, or click the Create Multiple Guest Accounts command link on the Guest Manager page. The Create Guest Accounts form opens. 30 | Creating a Guest Account Receipt Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 31: Creating Multiple Guest Account Receipts
Create Accounts button after completing the form. Creating Multiple Guest Account Receipts Once a group of guest accounts has been created, the details for the accounts are displayed. Creating Multiple Guest Account Receipts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 31...
Page 32: Creating A Single Password For Multiple Accounts
You can create multiple accounts that have the same password. In order to do this, you first customize the Create Multiple Guest Accounts form to include the Password field. 32 | Creating a Single Password for Multiple Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 33 4. Complete the other fields with the appropriate information, then click Create Accounts. The Finished Creating Guest Accounts view opens. The password and other account details are displayed for each account. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Creating a Single Password for Multiple Accounts | 33...
Page 34: Managing Guest Accounts
See "Customizing Fields " on page 145 for details about this customization process. The default settings for this view are described below. 34 | Managing Guest Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 35 Use the paging control at the bottom of the list to jump forwards or backwards by one page, or to the first or last page of the list. You can also click an individual page number to jump directly to that page. Managing Guest Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 35...
Page 36 Update Account to set the new expiration time for the guest account. A new account receipt is displayed, allowing you to print a receipt showing the updated account details. Remove – Disables or deletes a guest account. 36 | Managing Guest Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 37 NOTE: This form may be customized by adding new fields, or modifying or removing the existing fields. See Forms and Views " on page 150 for details about this customization process. This is the guest_edit form. Managing Guest Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 37...
Page 38: Managing Multiple Guest Accounts
You can use the Filter field to narrow the search parameters. You may enter a simple substring to match a portion of the username or any other fields that are configured for search, and you can include the following operators: 38 | Managing Multiple Guest Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 39 Use the Edit tab to make changes to multiple visitor accounts at once. This option is not active if there are no visitor accounts selected. Managing Multiple Guest Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 39...
Page 40: Importing Guest Accounts
Import format: The format of the accounts file is automatically detected. You may specify a different encoding type if automatic detection is not suitable for your data. The Import Format drop-down list includes the following options: 40 | Importing Guest Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 41 Use the Match Fields form to identify which guest account fields are present in the imported data. You can also specify the values to be used for fields that are not present in the data. Importing Guest Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 41...
Page 42 Click the All link to select all entries on all pages Click the None link to deselect all entries Click the New link to select all new entries 42 | Importing Guest Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 43: Exporting Guest Account Information
Source IP: 10.11.10.254 MAC: unknown Plan: Free Access x 1 Transaction Amount: $0.00 Invoice Number: P-15 Transaction ID: " tagName="notes"/> <GuestUserTags tagValue="2" tagName="[Role ID]"/> <GuestUserTags tagValue="1" tagName="do_expire"/> <GuestUserTags tagValue="1" tagName="simultaneous_use"/> Exporting Guest Account Information Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 43...
Page 44: Mac Authentication In Clearpass Guest
On the controller, the fields look as follows: Figure 8: MAC Authentication Profile Managing Devices To view the list of current MAC devices, go to Guest > List Devices. 44 | MAC Authentication in ClearPass Guest Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 45 You can use the Filter field to narrow the search parameters. You may enter a simple substring to match a portion of any fields that are configured for search, and you can include the following operators: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Managing Devices | 45...
Page 46: Changing A Device's Expiration Date
If you choose Account expires after, the Expires After row is added to the form. Choose an interval of hours, days, or weeks from the drop-down list. 46 | Changing a Device’s Expiration Date Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 47: Disabling And Deleting Devices
To edit a device’s account, click the device’s row in the Guest Manager Devices list, then click its Edit link. The row expands to include the Edit MAC form. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Disabling and Deleting Devices | 47...
Page 48 If you choose Account expires after, the Expires After row is added to the form. Choose an interval of hours, days, or weeks from the drop-down list. The maximum is two weeks. 48 | Editing a Device Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 49: Viewing Current Sessions For A Device
MAC device account During guest self-registration by a mac parameter passed in the redirect URL, creating a parallel account paired with the visitor account Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Viewing Current Sessions for a Device | 49...
Page 50: Creating Devices Manually In Clearpass Guest
In the calendar, use the arrows to select the year and month, click the numbers in the Time fields to increment the hours and minutes, then click a day to select the date. 50 | Creating Devices Manually in ClearPass Guest Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 51: Creating Devices During Self-Registration - Mac Only
Validator: IsValidMacAddress Add or enable mac_auth UI: Hidden field Any other expiration options, role choice, surveys, and so on can be entered as usual. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Creating Devices During Self-Registration - MAC Only | 51...
Page 52: Creating Devices During Self-Registration - Paired Accounts
You will see an entry under both List Accounts and List Devices. Each should have a View Pair action that cross links the two. 52 | Creating Devices During Self-Registration - Paired Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 53: Airgroup Device Registration
Use commas to separate the tag=value pairs in the list. Tag=value pair formats are shown in the following table. Table 10: Tag=Value Pair Formats AP Type Tag=Value Format Name-based AP ap-name=<name> Group-based AP ap-group=<group> FQLN-based AP fqln=<fqln> Dell Networking W-ClearPass Guest 6.0 | Deployment Guide AirGroup Device Registration | 53...
Page 54 2. To work with a device, click the device’s row in the list. The form expands to include the Remove, Edit, and Print options. 54 | Registering Groups of Devices or Services Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 55: Registering Personal Devices
Devices link on the Create AirGroup Device page. The List Device page lets you remove a device; edit a device’s name, MAC address, or shared-user list; print device details; or add a new device. To view and edit your personal AirGroup devices: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Registering Personal Devices | 55...
Page 56: Automatically Registering Mac Devices In Clearpass Policy Manager
1. Go to Configuration > Web Logins, click the row of the page you wish to configure, then click its Edit link. The RADIUS Web Login Editor form opens. 2. Scroll down to the Post-Authentication area. 56 | Automatically Registering MAC Devices in ClearPass Policy Manager Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 57: Importing Mac Devices
Edit the Value of the attribute within the role returning the role to the controller. If you are on the registered MAC, apply the Employee role, otherwise set them as Guest. <?= MacEqual(GetAttr('Calling-Station-Id'), $user['mac']) ? 'Employee' : 'Guest' Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Importing MAC Devices | 57...
Page 58: User Detection On Landing Pages
Please accept the terms before proceeding. {else} You need to register... {/if} You can hide the login form by having the final line of the header be: {if !$guest_receipt.u.username}<div style="display:none">{/if} 58 | User Detection on Landing Pages Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 59: Active Sessions Management
To view details for an active session, click the session’s row in the list, then click its Show Details link. The form expands to include the Session Details view. Active Sessions Management Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 59...
Page 60: Session States
NAS sends an accounting stop message to the RADIUS server. This closes the session. No further accounting updates are possible for a closed session. 60 | Session States Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 61: Rfc 3576 Dynamic Authorization
You may enter a simple substring to match a portion of the username or any other fields that are configured for search, and you can include the following operators: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide RFC 3576 Dynamic Authorization | 61...
Page 62: Disconnecting Multiple Active Sessions
All sessions that started before the specified date and time will be disconnected. 3. Click Make Changes. The specified sessions are closed and are removed from the Active Sessions list. 62 | Disconnecting Multiple Active Sessions Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 63: Sending Multiple Sms Alerts
Use the fields on this form to enter the service to use, the recipient’s mobile phone number, the mobile carrier, and the message text. For more information on SMS services, see "SMS Services " on page 228. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Sending Multiple SMS Alerts | 63...
Page 64 64 | About SMS Guest Account Receipts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 65: Onboard
Enables the revocation of unique credentials on a specific user’s device. Leverages ClearPass profiling to identify device type, manufacturer, and model. Accessing Onboard To access Dell Networking W-ClearPass Onboard’s device provisioning features, click the Onboard link in the left navigation. About ClearPass Onboard This section provides important information about Dell Networking W-ClearPass Onboard.
Page 66: Onboard Deployment Checklist
Onboard events are stored in the Application Log for seven days by default. After seven days, significant runtime events are listed in the Audit Viewer in Dell Networking W-ClearPass Policy Manager’s Monitoring module. Onboard events that are listed include:...
Page 67: Onboard Feature List
Test device revocation. Revoke a device’s certificate. Verify that the device is no longer able to authenticate. Verify that re-provisioning the device fails. Onboard Feature List The following features are available in Dell Networking W-ClearPass Onboard. Table 13: Onboard Features Feature Uses Configure wired networks using 802.1X...
Page 68: Supported Platforms
During the device provisioning process, one or more digital certificates are issued to the device. These are used as the unique credentials for a device. To issue the certificate, Dell Networking W-ClearPass Onboard must operate as 68 | Supported Platforms...
Page 69: Certificate Hierarchy
You may revoke the profile signing certificate; it will be recreated when it is needed for the next device provisioning attempt. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Certificate Hierarchy | 69...
Page 70: Certificate Configuration In A Cluster
NOTE: OCSP and CRL are not used when using PEAP unique device credentials. The ClearPass Onbord server automatically updates the status of the username when the device's client certificate is revoked. 70 | Certificate Configuration in a Cluster Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 71: Re-Provisioning A Device
Network Requirements for Onboard For complete functionality to be achieved, Dell Networking W-ClearPass Onboard has certain requirements that must be met by the provisioning network and the provisioned network: The provisioning network must use a captive portal or other method to redirect a new device to the device provisioning page.
Page 72: Configuring Online Certificate Status Protocol
NOTE: A certificate revocation list does not require the use of HTTPS and can be configured to use HTTP. Network Architecture for Onboard The high-level network architecture for the Onboard solution is shown in the following figure. 72 | Configuring Online Certificate Status Protocol Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 73 Figure 11 1. Users bring their own device to the enterprise. 2. The Dell Networking W-ClearPass Onboard workflow is used to provision the user’s device securely and with a minimum of user interaction. 3. Once provisioned, the device re-authenticates to the network using a set of unique device credentials. These credentials uniquely identify the device and user and enable management of provisioned devices.
Page 74: Network Architecture For Onboard When Using Clearpass Guest
ClearPass Guest RADIUS server, you should deploy Policy Manager for authentication. 74 | Network Architecture for Onboard when Using ClearPass Guest Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 75: The Clearpass Onboard Process
Devices Supporting Over-the-Air Provisioning Dell Networking W-ClearPass Onboard supports secure device provisioning for iOS 4, iOS 5, and recent versions of Mac OS X (10.7 “Lion” and later). These are collectively referred to as “iOS devices”. The Onboard process for iOS...
Page 76: Devices Supporting Onboard Provisioning
Devices Supporting Onboard Provisioning Dell Networking W-ClearPass Onboard supports secure device provisioning for Microsoft Windows XP (service pack 3 and later), Microsoft Windows Vista, Microsoft Windows 7, Apple Mac OS X 10.5 and 10.6, and Android devices (smartphones and tablets). These are collectively referred to as “Onboard-capable devices”. The Onboard process for...
Page 77 1. When a BYOD device first joins the network it does not have a set of unique device credentials. This will trigger the captive portal for that device, which brings the user to the mobile device provisioning page. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Devices Supporting Onboard Provisioning | 77...
Page 78: Managing Provisioned Applications
To manage your applications: 1. Go to Onboard > Applications. The Applications form opens. 78 | Managing Provisioned Applications Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 79: Configuring The User Interface For Device Provisioning
NOTE: If this check box is not marked, device provisioning will be inoperative. Select the appropriate Onboard configuration from the Configuration drop-down list. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring the User Interface for Device Provisioning | 79...
Page 80: Using The {Nwa_Mdps_Config} Template Function
Browsing to this URL will install the root certificate on the device, which is required as part of the pre-provisioning step. Example: root_cert <a href="{nwa_mdps_config name=root_cert}"> Install Onboard root certificate</a> 80 | Using the {nwa_mdps_config} Template Function Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 81: Configuring The Certificate Authority
"Certificate Configuration in a Cluster " on page Setting Up the Certificate Authority The Certificate Authority Settings form is used to set up the mode of operation for the certificate authority. Configuring the Certificate Authority Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 81...
Page 82: Setting Up A Root Certificate Authority
Settings form opens. The Root Certificate Settings form is used to configure the distinguished name and properties for the certificate authority’s root (self-signed) certificate. 82 | Setting Up a Root Certificate Authority Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 83 NOTE: If you have previously created any client or server certificates or performed device provisioning using the existing root certificate, these certificates will be invalidated when changing the root certificate's private key. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Setting Up a Root Certificate Authority | 83...
Page 84: Setting Up An Intermediate Certificate Authority
To avoid the complication of revoking and reissuing certificates, it is recommended that you configure the certificate authority before any device provisioning or other configuration is done. 84 | Setting Up an Intermediate Certificate Authority Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 85 NOTE: MD5 is not recommended for use with certificate authority certificates. Mark the Generate CA certificate request and invalidate all other certificates check box to confirm the changes. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Setting Up an Intermediate Certificate Authority | 85...
Page 86: Obtaining A Certificate For The Certificate Authority
Click the Request a Certificate link on this page. The Request a Certificate page opens. Click the link to submit an advanced certificate request. The Advanced Certificate Request page opens. 86 | Obtaining a Certificate for the Certificate Authority Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 87 Click the Submit button to issue the certificate. Either the Certificate Pending or the Certificate Issued page is displayed. Figure 20: The Certificate Pending Page Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Using Microsoft Active Directory Certificate Services | 87...
Page 88: Installing A Certificate Authority's Certificate
2. On either the Root Certificate Settings or Intermediate Certificate Settings page, click the Import Certificate link above the form. The Step 1 area of the CA Certificate Import form opens. 88 | Installing a Certificate Authority’s Certificate Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 89 To upload a combined certificate and private key, choose a file in either PEM (base-64 encoded) or PKCS#12 format. If the private key has a passphrase, enter it in the Private Key Passphrase and Confirm Passphrase fields. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Installing a Certificate Authority’s Certificate | 89...
Page 90: Renewing The Certificate Authority's Certificate
The data retention policy for certificates and certificate requests can be configured by navigating to Onboard > Certificate Authority Settings and clicking the Configure data retention link. The Manage Data Retention form is displayed. 90 | Renewing the Certificate Authority’s Certificate Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 91: Uploading Certificates For The Certificate Authority
To view the properties of a certificate in the trust chain, click the Show certificate link. The Certificate Information view opens. Uploading Certificates for the Certificate Authority Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 91...
Page 92 2. In the Format row, choose the certificate format. The form expands to include configuration options for that format. 3. Complete the fields with the appropriate information, then click Export Certificate. 92 | Uploading Certificates for the Certificate Authority Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 93: Creating A Certificate
In the first part of the form, provide the identity of the person or device for which the certificate is to be issued (the “subject” of the certificate). Together, these fields are collectively known as a distinguished name, or “DN”. Country State Locality Organization Creating a Certificate Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 93...
Page 94 International Mobile Equipment Identity (IMEI) number allocated to this device. Integrated Circuit Card Identifier (ICCID) number from the Subscriber Identity Module Device ICCID (SIM) card present in the device. 94 | Specifying the Identity of the Certificate Subject Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 95: Issuing The Certificate Request
Android, Windows, or None (if not associated with a device type). Table 17 lists the types of certificate that are displayed in this list. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Issuing the Certificate Request | 95...
Page 96: Searching For Certificates In The List
Click the column headers to sort the list view by that column. Click the column header a second time to reverse the direction of the sort. 96 | Searching for Certificates in the List Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 97: Working With Certificates In The List
– one consisting of several words, mixed upper- and lower-case letters, and punctuation or other symbol characters. Click the Export Certificate button to download the certificate file in the selected format. Revoke certificate – Displays the Revoke Certificate form. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Working with Certificates in the List | 97...
Page 98 Onboard may be deleted at any time after import. For all other certificates, this option is only available if the data retention policy is configured to permit the certificate’s deletion. See "Configuring Data Retention Policy for Certificates" on page 98 | Working with Certificates in the List Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 99: Working With Certificate Signing Requests
If you choose Base-64 Encoded, the form expands to include the Trust Chain row. You can use this option to create and export a certificate bundle that includes the Intermediate CA and Root CA and can be imported in Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Working with Certificate Signing Requests | 99...
Page 100 Reject request – Displays the Reject Request form. Use this action to reject the request for a certificate. Rejected requests are automatically deleted according to the data retention policy. 100 | Working with Certificate Signing Requests Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 101: Importing A Code-Signing Certificate
Onboard supports importing a code-signing certificate chain and private key for signing the Windows provisioning application. Certificates can be uploaded as PFX, PKCS-12, SPC, or PKCS-7, and can include a chain of certificates. Importing a Code-Signing Certificate Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 101...
Page 102 1. Go to Onboard > Certificate Management and click the Generate a new certificate signing request link. The Certificate Request Settings form opens. 2. In the Certificate Type drop-down list, choose Code-Signing. 102 | Importing a Code-Signing Certificate Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 103: Importing A Trusted Certificate
Certificate Management list. You can click the Show Certificate link next to the certificate’s name to view the certificate’s details. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Importing a Trusted Certificate | 103...
Page 104: Requesting A Certificate
Providing a Certificate Signing Request in Text Format If you have a certificate signing request in text format, click the Copy and paste certificate signing request as text radio button. 104 | Requesting a Certificate Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 105: Providing A Certificate Signing Request File
Alternatively, if you have the certificate signing request as a file, click the Upload certificate signing request file radio button. Use the Certificate Signing Request field to select the appropriate file for upload. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Providing a Certificate Signing Request File | 105...
Page 106: Specifying Certificate Properties
The Device Provisioning form is organized in tabbed pages, with separate tabs for general, iOS & OS X, Legacy OS X, Windows, Android, and Onboard Client information. 106 | Specifying Certificate Properties Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 107: Configuring Basic Provisioning Settings
A setting of 0 minutes is not recommended as this does not permit any variance in clocks between devices. When issuing a certificate, the certificate’s validity period is determined as follows: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Basic Provisioning Settings | 107...
Page 108 Unique device identifier (UDID) for this device. This is typically a 64-bit, Device UDID mdpsDeviceUdid (.2) 128-bit or 160-bit number represented in hexadecimal (16, 32, or 40 108 | Configuring Certificate Properties for Device Provisioning Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 109: Configuring Revocation Checks And Authorization
Specify an OCSP responder URL – The Authority Info Access extension is added to the client certificates, with the OCSP responder URL set to a value defined by the administrator. This value may be specified in the “OCSP URL” field. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Revocation Checks and Authorization | 109...
Page 110: Configuring Provisioning Settings For Ios And Os X
3. Use the Display Name and Profile Description text fields to control the user interface displayed during device provisioning. 110 | Configuring Provisioning Settings for iOS and OS X Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 111: Configuring Instructions For Ios And Os X
2. In the Allow Automatic Reconnect row, mark the check box if you want to allow the device to be automatically reconnected to the provisioned network. Automatic reconnect only applies when there is a single network configured to “Automatically join network.” Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Instructions for iOS and OS X | 111...
Page 112: Configuring Provisioning Settings For Legacy Os X Devices
To specify provisioning settings related to legacy OS X 10.5 and 10.6 (Leopard and Snow Leopard) devices: 1. Go to Onboard > Provisioning Settings and click the Legacy OS X tab. 112 | Configuring Provisioning Settings for Legacy OS X Devices Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 113: Configuring Provisioning Settings For Windows Devices
Configuring Provisioning Settings for Windows Devices To specify provisioning settings related to Windows devices: 1. Go to Onboard > Provisioning Settings and click the Windows tab. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Provisioning Settings for Windows Devices | 113...
Page 114: Configuring Provisioning Settings For Android Devices
Configuring Provisioning Settings for Android Devices To specify provisioning settings related to Android devices: 1. Go to Onboard > Provisioning Settings and click the Android tab. 114 | Configuring Provisioning Settings for Android Devices Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 115 The text can be entered as HTML code, and you can use Smarty template functions. If this field is left empty, the default text will be displayed. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Provisioning Settings for Android Devices | 115...
Page 116: Configuring Options For Legacy Os X, Windows, And Android Devices
Use this option when DNS resolution of the system’s hostname is not available for devices that are in a provisioning role. 116 | Configuring Options for Legacy OS X, Windows, and Android Devices Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 117: Configuring Network Settings For Device Provisioning
To configure the network settings that will be sent to a provisioned device, go to Onboard > Network Settings, or click the Network Settings command link. The Network Settings list view opens. Configuring Network Settings for Device Provisioning Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 117...
Page 118: Configuring Basic Network Access Settings
NOTE: Navigating between different tabs will save the changes you have made. The modified settings are indicated with a “#” marker in the tab. The settings used for device provisioning are not modified until you click Create Network. 118 | Configuring Basic Network Access Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 119 9. If you have selected the Personal (PSK) security type, you must provide the pre-shared key in the Password field. Selecting this security type will hide the Protocols, Authentication, and Trust tabs. 10. In the Wireless Network Settings area: Configuring Basic Network Access Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 119...
Page 120: Configuring 802.1X Authentication Network Settings
GTC, TTLS with PAP, and TLS. The Windows EAP option supports PEAP with MSCHAPv2 and TLS. These best practices are recommended when choosing the 802.1X authentication methods to provision: 120 | Configuring 802.1X Authentication Network Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 121: Configuring Device Authentication Settings
(as for Onboard devices). When this option is selected, EAP-TTLS or PEAP must be selected on the Protocols tab. 2. The Windows Authentication options that may be selected are: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Device Authentication Settings | 121...
Page 122: Configuring Mutual Authentication Settings
Create Network button to make the new network configuration settings take effect Click the Cancel button to discard your changes and return to the main Onboard configuration user interface 122 | Configuring Mutual Authentication Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 123: Configuring Trust Settings Manually
Android supports only a single trusted certificate; this must be the root CA that issued the authentication server’s certificate. Be aware that if None is selected, 802.1x authentication might not work. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Trust Settings Manually | 123...
Page 124: Configuring Windows-Specific Network Settings
Protocols tab. Do one of the following: Click the Previous button to return to the Trust tab. Click the Next button to continue to the Proxy tab. 124 | Configuring Windows-Specific Network Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 125: Configuring Proxy Settings
To configure the VPN settings that will be sent to a device, go to Onboard > VPN Settings, or click the VPN Settings command link. The VPN Settings page opens. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Proxy Settings | 125...
Page 126 Identity Certificate – The client certificate issued during device provisioning will also be used as the identity certificate for VPN connections. This option requires configuring your VPN server to allow IPSec authentication using a client certificate. 126 | Configuring an iOS Device VPN Connection Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 127: Configuring An Ios Device Email Account
Exchange mail server and want to automatically provide the email settings to users provisioning their mobile devices. NOTE: Onboard Exchange ActiveSync settings can only be used with iOS 4 and iOS 5 devices. Other platforms are not supported. Configuring an iOS Device Email Account Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 127...
Page 128 Exchange integration. 128 | Configuring an iOS Device Email Account Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 129: Configuring An Ios Device Passcode Policy
NOTE: Onboard Passcode Policy settings can only be used with iOS 4 and iOS 5 devices. Other platforms are not supported. Configuring an iOS Device Passcode Policy Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 129...
Page 130: Resetting Onboard Certificates And Configuration
This page is used to delete certificates, or restore the default configuration for Onboard. These options are useful while trailing the Onboard workflow with a set of test devices. 130 | Resetting Onboard Certificates and Configuration Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 131: Onboard Troubleshooting
Device Provisioning Failures Symptom: Device provisioning fails on iOS with the message “The server certificate for https://… is invalid”. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Onboard Troubleshooting | 131...
Page 132 Web server’s SSL certificate (if it is a self-signed certificate), or the certificate authority that issued the SSL certificate. This is not recommended for production deployments as it increases the complexity of deployment for users with iOS devices. 132 | Onboard Troubleshooting Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 133: Configuration
Chapter 5 Configuration Dell Networking W-ClearPass Guest’s built-in Configuration editor lets you customize many aspects of the appearance, settings, and behavior of the application. Areas you can customize include: Guest Manager configuration Fields, forms, and views in ClearPass Guest Guest self-registration processes and forms...
Page 134: Configuring Clearpass Guest Authentication
6. To redirect HTTP access to use HTTPS instead, mark the check box in the Security row. Content Manager The Content Manager allows you to upload content items to Dell Networking W-ClearPass Guest. Content items are assets such as text, images, and animations that are made available for guest access using the application’s built- in Web server.
Page 135: Uploading Content
To download a file from the Internet for use in ClearPass Guest: 1. Go to Configuration > Content Manager, then click the Download New Content tab. The Fetch Content form is displayed. Uploading Content Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 135...
Page 136: Additional Content Actions
Quick View link can be used to display certain types of content inline, such as images and text. The item is displayed below its row in the list. The Quick View link is not available for all content types. 136 | Additional Content Actions Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 137: Customizing Guest Manager
Site SSID—The Site SSID is the public name of the wireless local area network (WLAN). The default setting for this field is Aruba, and can be changed. The site SSID is displayed in the guest receipt as the WiFi Network, as shown below: Customizing Guest Manager Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 137...
Page 138 (!#$%&()*+,-./:;<=>?@ [\\]^_{|}~,). The available options for this setting are: No password complexity requirement At least one uppercase and one lowercase letter 138 | Default Settings for Account Creation Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 139 “Expires After” field when creating a user account. Lifetime Options—Default values for account lifetimes. These options are displayed as the values of the “Account Lifetime” field when creating a user account. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Default Settings for Account Creation | 139...
Page 140 When “Require click to print” is selected, the receipt page provides a drop-down list of print templates and a Print link that must be clicked to display the account receipt: 140 | Default Settings for Account Creation Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 141: About Fields, Forms, And Views
This field is the password for the visitor account and may be provided directly. If this field is not specified, then randomly generate a password (according to the values of the random_password_method and random_password_length fields). Dell Networking W-ClearPass Guest 6.0 | Deployment Guide About Fields, Forms, and Views | 141...
Page 142: Visitor Account Activation Properties
If modify_expire_time is “expire_after” or “expire_time”, then the expiration time is determined according to the expire_after or expire_time fields as explained below. 142 | Visitor Account Activation Properties Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 143: Other Properties
Standard Forms and Views The figure below shows the standard forms and views in the application. The table below lists all the forms and views used for visitor management. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Other Properties | 143...
Page 144 – displays a list of current or historical sessions (See "Active Sessions Management " on page 59.) guest_users view – displays a list of guest accounts optimized for working with individual accounts 144 | Standard Forms and Views Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 145: Customizing Fields
The Field Type can be one of String, Integer, Boolean or No data type. The No data type field would be used as a label, or a submit button. Customizing Fields Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 145...
Page 146 Select the Show advanced properties check box to reveal additional properties related to conversion, display and dynamic form behavior. See "View Field Editor" on page 169 in this chapter for more information about advanced properties. 146 | Creating a Custom Field Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 147: Duplicating A Field
Shared Roles fields are text boxes where the user enters the information. These fields can be configured as selection options populated with existing locations or roles. Configuring the Shared Locations and Shared Role Fields To configure a predefined list of shared locations or shared roles: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Duplicating a Field | 147...
Page 148 Vertical Rows or Horizontal Rows field. If the Layout field is left blank, the default layout of a single list of checklist options is displayed. To ensure the values are stored correctly as a comma-separated list: 148 | Configuring the Shared Locations and Shared Role Fields Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 149: Example
If the layout is set to vertical and the following options are specified: AP-Group=Location-1 | Location One AP-Group=Location-2 | Location Two AP-Location-3 | Location Three The user interface appears as follows: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Example: | 149...
Page 150: Customizing Forms And Views
Reset to Defaults link to remove your modifications and restore the original form. Resetting a form or view is a destructive operation and cannot be undone. You will be prompted to confirm the form or view reset before it proceeds. 150 | Customizing Forms and Views Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 151: Editing Forms And Views
Use the Title and Description properties of the duplicated item to describe the intended purpose for the form or view. Click the Show Usage link for a duplicated form or view to see the operator profiles that are referencing it. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Editing Forms and Views | 151...
Page 152: Editing Forms
Form Field Editor The form field editor is used to control both the data gathering aspects and user interface characteristics of a field. 152 | Editing Forms Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 153: Form Display Properties
The image may be regenerated, or played as an audio sample for visually impaired users. When using the recommended validator for this field (NwaCaptchaIsValid), the security code must be matched or the form submit will fail with an error. Form Field Editor Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 153...
Page 154 To store a comma-separated list of the selected values, enable the Advanced options, select “NwaImplodeComma” for Conversion, select “NwaExplodeComma” for Display Function and enter the field’s name for Display Param. 154 | Form Field Editor Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 155 Date/time picker – A text field is displayed with an attached button that displays a calendar and time chooser. A date may be typed directly into the text field, or selected using the calendar: Form Field Editor Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 155...
Page 156 This option is often used to force a specific value such as a user’s role or an expiration date. However, it is possible for someone to use browser tools to modify the initial value when the 156 | Form Field Editor Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 157 The text displayed for each option is the value from the options list. When the form is submitted, the key of the selected value becomes the value of the field. Form Field Editor Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 157...
Page 158 To set the value of this field, use the Initial Value option in the Form Validation Properties area of the form field editor. 158 | Form Field Editor Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 159 Allowing HTML from untrusted sources is a potential security risk. If the Hide when no options are selectable check box is selected in the Collapse row, the field will be hidden if its value is blank. Form Field Editor Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 159...
Page 160 The field’s value is not used, and the field is not submitted with the form. When using this user interface element, it is recommended that you use the “nwaImportant” CSS class to visually distinguish the group heading’s title. 160 | Form Field Editor Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 161 Text field – The field is displayed as a single-line text box. The text typed in this box is submitted as the value for the field. A short text label may be placed after the text box using the Label After option. Form Field Editor Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 161...
Page 162: Form Validation Properties
All values supplied for a required field are always validated, including blank values. Validation errors are displayed to the user by highlighting the field(s) that are in error and displaying the validation error message with the field: 162 | Form Validation Properties Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 163: Examples Of Form Field Validation
With these validator settings, users that enter an invalid value will now receive a validation error message: Furthermore, note that blank values, or non-numeric values, will result in a different error message: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Examples of Form field Validation | 163...
Page 164 \d is used to match a single digit. Many equivalent regular expressions could be written to perform this validation task. See "Regular Expressions" on page 305 for more information about regular expressions. 164 | Examples of Form field Validation Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 165: Advanced Form Field Properties
Guest must supply field (match case) from the drop-down list. If the guest’s entry does not successfully match the preregistered value, the account registration will not succeed. For example, if a list of email addresses Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Advanced Form Field Properties | 165...
Page 166: Form Field Validation Processing Sequence
The user interface is displayed as a text field, but the value that is required for the form processing is a UNIX time (integer value). 166 | Form Field Validation Processing Sequence Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 167 This function is used to perform the conversion in the reverse direction – between the internal stored value and the value displayed in the form field. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Form Field Validation Processing Sequence | 167...
Page 168 Additional examples of the Visible If conditional expressions can be found in the guest_edit form. 168 | Form Field Validation Processing Sequence Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 169: Editing Views
Add Field tab to add a new column to the view. View Field Editor The view field editor is used to control the data-display aspects of a column within the view. Editing Views Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 169...
Page 170 "View Display Expression Technical Reference" on page 303 for technical information about this display expression and a list of the functions that are available to format the value. 170 | View Field Editor Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 171: Customizing Self-Provisioned Access
URL of the ‘Go To’ link. To complete the portal, ensure that the NAS is configured to authorize users with the ClearPass Guest RADIUS server, and set up the self-registration NAS login to redirect registered guests back to the NAS. This process is shown below. Customizing Self-Provisioned Access Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 171...
Page 172: Creating A Self-Registration Page
To create a new guest self-registration page, go to Configuration > Guest Self-Registration and click the Create new self-registration page link. The Customize Guest Registration form is displayed. 172 | Creating a Self-Registration Page Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 173: Editing Self-Registration Pages
1. Navigate to Configuration > Guest Self-Registration 2. Select an entry in the Guest Self-Registration list, then click Edit. 3. The Customize Guest Registration workflow page appears, as shown below Editing Self-Registration Pages Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 173...
Page 174: Configuring Basic Properties For Self-Registration
To create a self-registration page with new values, select the Guest Self- Registration (guest_register) option from the Parent field drop-down menu. 174 | Configuring Basic Properties for Self-Registration Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 175: Paying For Access
Access control entries are more specific when they match fewer IP addresses. The most specific entry is a single IP address (for example, 1.2.3.4), while the least specific entry is the match-all address of 0.0.0.0/0. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Paying for Access | 175...
Page 176: Editing Registration Page Properties
Click the Save and Reload button to update the self-registration page and launch or refresh a second browser window to show the effects of the changes. 176 | Editing Registration Page Properties Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 177: Editing The Default Self-Registration Form Settings
Validator field should be set to IsNonEmpty. 7. Click Save Changes. The Customize Form Fields view opens again, and the password field is now included and can be edited. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Editing the Default Self-Registration Form Settings | 177...
Page 178: Editing Guest Receipt Page Properties
2. Select an entry in the Guest Self-Registration list and click its Edit link. The Customize Guest Registration workflow page appears. 3. In the Receipt Page area of the diagram, click the Actions link. The Receipt Actions form opens. 178 | Editing Guest Receipt Page Properties Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 179: Enabling Sponsor Confirmation For Role Selection
The Customize Guest Registration diagram opens. 2. In the Receipt Page area of the diagram, click the Actions link. The Receipt Actions form opens. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Enabling Sponsor Confirmation for Role Selection | 179...
Page 180 8. To confirm the guest’s access, the sponsor clicks the click here link in the email, and is redirected to the Guest Registration Confirmation form. 180 | Enabling Sponsor Confirmation for Role Selection Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 181: Editing Download And Print Actions For Guest Receipt Delivery
The Email Delivery options available for the receipt page actions allow you to specify the email subject line, the print template and email format, and other fields relevant to email delivery. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Editing Download and Print Actions for Guest Receipt Delivery | 181...
Page 182: Editing Sms Delivery Of Guest Receipts
These options under Enabled are available to control delivery of SMS receipts: 182 | Editing SMS Delivery of Guest Receipts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 183: Enabling And Editing Nas Login Properties
2. In the lower-right corner of the diagram, click the NAS box or the NAS Vendor Settings link. The NAS Login form opens. 3. Mark the Enabled check box to expand the form. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Enabling and Editing NAS Login Properties | 183...
Page 184: Editing Login Page Properties
Launch network login link from the self-registration process diagram, as shown below: The options available under the Login Form heading may be used to customize the login page. 184 | Editing Login Page Properties Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 185 The login message page is displayed after the login form has been submitted, while the guest is being redirected to the NAS for login. The title and message displayed on this page can be customized. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Editing Login Page Properties | 185...
Page 186: Self-Service Portal Properties
The portal offers guests the ability to log in with their account details, view their account details, or change their password. Additionally, the Reset Password link provides a method allowing guests to recover a forgotten account password. 186 | Self-Service Portal Properties Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 187: Resetting Passwords With The Self-Service Portal
Resetting Passwords with the Self-Service Portal The self-service portal includes the ability to reset a guest account’s password. The default user interface for the self-service portal is shown below: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Resetting Passwords with the Self-Service Portal | 187...
Page 188 With these settings, the user interface for resetting the password now includes a question and answer prompt after the username has been determined: 188 | Resetting Passwords with the Self-Service Portal Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 189: Email Receipts And Smtp Services
Edit link. The Customize Guest Self-Registration diagram opens. 2. In the Receipt Page area, click the Actions link. The Receipt Actions form opens. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Email Receipts and SMTP Services | 189...
Page 190: Configuring Email Receipts
The Customize Email Receipt form may be used to set default options for visitor account email receipts. To configure email receipt options, go to Configuration > Email Receipt. The Customize Email Receipt form opens. 190 | Configuring Email Receipts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 191 4. Choose a value from the Send Copies drop-down list to specify how copies of the email receipts will be sent to the additional email addresses listed in the Copies To field: Do not send copies – The Copies To list is ignored and email is not copied. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Email Receipt Options | 191...
Page 192: About Customizing Smtp Email Receipt Fields
– This field specifies the subject line for the email message. Template variables appearing in the value will be expanded. If the value is “default”, the default subject line from the email receipt configuration is used. 192 | About Customizing SMTP Email Receipt Fields Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 193 Logout Warnings on the email receipt.If the value is “default”, the default carbon- copy list under Logout Warnings from the email receipt configuration is used. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide About Customizing SMTP Email Receipt Fields | 193...
Page 194: Customizing Print Templates
Create new print template link. This opens a window with four parts. The first part lists the variables that can be used in the template together with their meaning and an example of each. 194 | Customizing Print Templates Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 195 <th class="nwaLeft">guest name</th> <td class="nwaBody">{$u.guest_name}</td> </tr> {/if} If this code is placed in the User Account HTML section it will cater for the create, edit and delete options. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Creating New Print Templates | 195...
Page 196: Print Template Wizard
Once you have created a print template using the print template wizard, you can return to the wizard to modify it. Click the Edit print template code (Advanced) link to use the standard print template editor. See "Creating New Print Templates" on page 194 for a description. 196 | Print Template Wizard Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 197: Setting Print Template Permissions
Read-only access – the print template is visible in the list, and the settings for it may be viewed. The print template cannot be edited or deleted. Setting Print Template Permissions Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 197...
Page 198: Customize Sms Receipt
SMS plugin configuration page. Use the SMS receipt page for further customization. For information on standard SMS services, see "SMS Services " on page 228. Figure 32: Customize SMS Receipt page 198 | Customize SMS Receipt Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 199: Sms Receipt Fields
By default, the print templates include username, password, and expiration, as well as other options. For the purpose of access codes, we only want the username presented. This access code login example bases the print template off Dell Networking W-ClearPass Guest 6.0 | Deployment Guide SMS Receipt Fields | 199...
Page 200 7. To preview the new template, select the template in the Guest Manager Print Templates list, then click Preview. The template created in this example appears as shown below. 200 | Create the Print Template Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 201: Customize The Guest Accounts Form
10 accounts that will expire in two weeks, or fours hours after the visitors first log in, whichever comes first. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Customize the Guest Accounts Form | 201...
Page 202 See "Create the Print Template" on page 199 for a description of this procedure. A new window or tab will open with the cards. 202 | Create the Access Code Guest Accounts Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 203: Hotspot Manager
Internet. This can save you time and resources when dealing with individual accounts. Accessing Hotspot Manager To access Dell Networking W-ClearPass Guest’s hotspot management features, click the Configuration link in the left navigation, then click Hotspot Manager. About Hotspot Management The following diagram shows how the process of customer self provisioning works.
Page 204: Managing The Hotspot Sign-Up Interface
Manage Hotspot Sign-up command. The Hotspot Preferences form opens. This form allows you to change user interface options and set global preferences for the self-provisioning of visitor accounts. 204 | Managing the Hotspot Sign-up Interface Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 205: Captive Portal Integration
This is used to automatically redirect the customer on successful completion of the sign-up process. For browsers without JavaScript, you may use the <noscript> tag to allow customers to sign up: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Captive Portal Integration | 205...
Page 206: Web Site Look-And-Feel
(font size and color for example), its header and footer, button style, and so on. The default skin used by Dell Networking W-ClearPass Guest is the one that is enabled in the Plugin Manager. The skin is seen by all users on the login page.
Page 207: Editing Or Creating A Hotspot Plan
Edit link in the plan’s row. The Edit Hotspot Plan form opens. The procedures are the same for both the Create Hotspot Plan and the Edit Hotspot Plan forms. Editing or Creating a Hotspot Plan Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 207...
Page 208 The ampersand symbol (&) is replaced with a random character (letter, digit, or punctuation symbol) All other characters are used without modification For more information, see "Format Picture String Symbols" on page 297. 208 | Editing or Creating a Hotspot Plan Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 209: Managing Transaction Processors
The Manage Hotspot Plans list opens with the new plan displayed. Managing Transaction Processors Your hotspot plan must also identify the transaction processing gateway used to process credit card payments. Dell Networking W-ClearPass Guest supports plugins for the following transaction processing gateways: Authorize.Net AIM...
Page 210: Managing Existing Transaction Processors
After the customer’s transaction has been processed successfully, the customer receives an invoice containing confirmation of their transaction and the details of their newly created hotspot user account. You can customize the 210 | Managing Existing Transaction Processors Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 211: Customizing The User Interface
4. Click Save Changes. Customizing the User Interface Each aspect of the user interface your hotspot customers see can be customized. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Customizing the User Interface | 211...
Page 212: Customizing Visitor Sign-Up Page One
“Choose Plan” page. The introduction and the footer are HTML text that can use template syntax. See "Smarty Template Syntax" on page 264 in the Reference chapter. Customizing Visitor Sign-Up Page Two 212 | Customizing Visitor Sign-Up Page One Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 213 The example below shows the default “Your Details” page for a customer who chooses the Free Access plan. Customizing Visitor Sign-Up Page Two Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 213...
Page 214 The Edit Hotspot User Details Page form opens. You can use this form to edit the content displayed when the customer enters their personal details, including credit card information if purchasing access. The progress of the user’s transaction is also shown on this page. 214 | Customizing Visitor Sign-Up Page Two Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 215: Customizing Visitor Sign-Up Page Three
Page three of the guest self-provisioning process provides the customer an invoice containing confirmation of their transaction and the details of their newly created wireless account. An example of the default “Your Receipt” page is shown below. Customizing Visitor Sign-Up Page Three Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 215...
Page 216 The Edit Hotspot User Receipt Page form opens. You can use this form to edit the title, introductory text, and footer text of the receipt page. 216 | Customizing Visitor Sign-Up Page Three Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 217: Viewing The Hotspot User Interface
To access either of these user pages, navigate to Configuration > Hotspot manager and select the Self- Provisioning or Self-Service links in the left navigation menu. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Viewing the Hotspot User Interface | 217...
Page 218 218 | Viewing the Hotspot User Interface Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 219: Administration
The Administration module provides tools used by a network administrator to perform both the initial configuration and ongoing maintenance of Dell Networking W-ClearPass Guest. Accessing Administration To access Dell Networking W-ClearPass Guest’s administration features, click the Administration link in the left navigation. Figure 34: The Administration Module’s Left Navigation...
Page 220: Airgroup Services
AirGroup Services This section describes configuration options for the AirGroup Services plugin, and provides links to other AirGroup steps performed in Dell Networking W-ClearPass Guest. For an overview of AirGroup functionality, see "AirGroup Deployment Process " on page 23. For complete AirGroup deployment information, refer to the AirGroup Deployment Guide and the ClearPass Policy Manager documentation.
Page 221: Creating Airgroup Administrators
248. Creating AirGroup Operators AirGroup Operators are users of Dell Networking W-ClearPass Guest who can provision a limited number of their own personal devices. Each device provisioned by an operator is automatically shared with all of that operator’s provisioned devices. The operator can also define a group of other users who are allowed to share the operator’s devices.
Page 222: Import Configuration
5.0 MB, you must specify a URL instead. Click the Restore a backup from a URL link above the Upload File form. The Specify Backup File form is displayed. 222 | Import Configuration Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 223: Plugin Manager
You can click a plugin’s name to go directly to that area of the application— for example, clicking the name of the SMTP Services plugin opens the Customize Email Receipt page in the Configuration module. Viewing Available Plugins Plugin Manager Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 223...
Page 224: Configuring Plugins
To view or change the configuration settings for a plugin, click the plugin’s Configuration link. The Configure Plugin form shows the current configuration settings for a plugin, and allows you to make changes to these settings. 224 | Configuring Plugins Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 225: Configuring The Kernel Plugin
"Creating AirGroup Administrators " on page 221 Kernel—See "Configuring the Kernel Plugin " on page 225 Dell ClearPass Skin—See "Configuring the Dell W-ClearPass Skin Plugin " on page 226 Guest Manager—See "Default Settings for Account Creation" on page 137 SMS Services—See "Sending an SMS "...
Page 226: Configuring The Dell W-Clearpass Skin Plugin
A Web application’s skin determines its visual style—the colors, menus, and graphics. You can use either the standard Dell ClearPass skin plugin, a blank plugin if you are providing your own complete HTML page, or custom skin plugins that let you configure the colors, navigation, logo, and icons.
Page 227: Configuring The Sms Services Plugin
Enable link. If you prefer to use the standard Dell ClearPass skin, navigate to it in the Available Plugins list and click its Enable link. The default skin is displayed on all visitor pages, and on the login page if no other skin is specified for it. However;...
Page 228: Sms Services
1. Go to Administration > SMS Services > SMS Gateways. The SMS Gateways list view opens. This list displays the name and available credits for any currently defined SMS gateways. 228 | SMS Services Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 229: Creating A New Sms Gateway
An SMS gateway is automatically created and added to the SMS Gateways list when you enter your subscription ID in Dell Networking W-ClearPass Policy Manager at Administration > Agents and Software Updates > Software Updates. You can also use ClearPass Guest to create an SMS gateway.
Page 230 7. In the Message Format row, if needed for custom SMS handlers, you can specify that the message format should be converted to hex-encoded UTF-16 (Unicode). 230 | Creating a New SMS Gateway Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 231: Editing An Sms Gateway
2. Click the gateway’s row in the list. The row expands to include the Edit SMS Gateway form for the existing gateway. 3. The SMS Gateway field displays the gateway service that was selected when the gateway was created. This cannot be edited after creation. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Editing an SMS Gateway | 231...
Page 232: Sending An Sms
You are able to send an SMS message if the system has been configured to allow this. To send an SMS message: 1. Go to Administration > SMS Services > Send SMS. The New SMS Message form opens. 232 | Sending an SMS Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 233: About Sms Credits
About SMS Credits Most SMS providers use a system of credits when for sending messages. In Dell Networking W-ClearPass Guest SMS Services, one credit is used for each sent message. The credit is used when the message is sent, regardless of whether the recipient actually receives the message.
Page 234: Sms Receipt Options
Dell Networking W-ClearPass Guest may be configured to automatically send SMS receipts to visitors, or to send receipts only on demand. To manually send an SMS receipt: 1. Navigate to the Guest > List Accounts and click to expand the row of the guest to whom you want to send a receipt.
Page 235 6. To include the carrier in the list of choices for users, mark the Enable check box. Working with the SMTP Carrier List Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 235...
Page 236: Support Services
14. When all fields are completed appropriately, click Edit Carrier or Create Carrier. The SMS SMTP Carrier List is updated with the changes. Support Services The Administration > Support Services page provides links to Dell Networking W-ClearPass Guest documentation, the application log, and Dell Customer Support contact information. 236 | Support Services...
Page 237: Viewing The Application Log
To search for a particular log record, use the Keywords field above the table to enter search terms. You can use the hyphen character (-) in front of a keyword to exclude items, and you can use quotes (“ “) to group words as a key phrase. Viewing the Application Log Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 237...
Page 238: Exporting The Application Log
5. Click Export. You are given the option to open the file, save it to your Downloads folder (the default), or save it to another location. 238 | Exporting the Application Log Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 239: Contacting Support
Contacting Support To view contact information for Dell Support, go to Administration > Support > Contact Support. The Contact Support page opens. This page provides the following information: Toll-free telephone numbers for North American support A link to contact Dell Support by email...
Page 240 6. Click a result link. The online help opens in a separate browser tab with the destination displayed. 240 | Viewing Documentation Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 241: Operator Logins
Chapter 8 Operator Logins An operator is a company’s staff member who is able to log in to Dell Networking W-ClearPass Guest. Different operators may have different roles that can be specified with an operator profile. These profiles might be to administer the ClearPass Guest network, manage guests, or run reports.
Page 242: Role-Based Access Control For Multiple Operator Profiles
Operator Profiles An operator profile determines what actions an operator is permitted to take when using Dell Networking W- ClearPass Guest. Some of the settings in an operator profile may be overridden in a specific operator’s account settings. These customized settings will take precedence over the default values defined in the operator profile.
Page 243 If you choose the Custom setting for an item, the form expands to include additional privileges specific to that item. 3. The User Roles list allows you to specify which user databases and roles the operator will be able to access. Creating an Operator Profile Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 243...
Page 244 IDs 2 and 3 (Guest and Employee), and with the field <= is less than or equal to named "custom_field" set to "Value". matches the regular expression does not match the regular expression 244 | Creating an Operator Profile Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 245: Configuring The User Interface
You can use the Customization option in the Operator Profile Editor to override default forms and views and specify different ones to be used for the operator profile. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring the User Interface | 245...
Page 246: Operator Profile Privileges
Changing expiration time of guest accounts Creating multiple guest accounts Creating new guest accounts Editing multiple guest accounts Exporting guest account data Full user control of guest accounts 246 | Operator Profile Privileges Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 247: Managing Operator Profiles
ClearPass Policy Manager with a role that matches an operator profile in Guest, then rules are used to map the role to the Guest operator profile. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Managing Operator Profiles | 247...
Page 248: Creating A New Operator
NOTE: The operator management features, such as creating and editing operator logins, apply only to local operator logins defined in ClearPass Guest. You cannot create or edit operator logins using LDAP. Only authentication is supported. 248 | Creating a New Operator Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 249: Manage Ldap Operator Authentication Servers
Manage LDAP Operator Authentication Servers Dell Networking W-ClearPass Guest supports a flexible authentication mechanism that can be readily adapted to any LDAP server’s method of authenticating users by name. There are built-in defaults for Microsoft Active Directory servers, POSIX-compliant directory servers, and RADIUS servers.
Page 250 When you have completed the form, you can check your settings. Use the Test Username and Test Password fields to supply a username and password for the authentication check, then click the Test Settings button. If the 250 | Creating an LDAP Server Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 251: Advanced Ldap Url Syntax
Configuration form and use original server’s properties as a template for creating a new server. Disable—Temporarily disables a server while retaining its entry the server list. Enable—Reenables a disabled LDAP server. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Advanced LDAP URL Syntax | 251...
Page 252: Ldap Operator Server Troubleshooting
Log In to attempt to authenticate the LDAP server, or click Cancel to cancel the test. The Authentication Test area is added above the server names to indicate the test’s progress. 252 | LDAP Operator Server Troubleshooting Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 253: Looking Up Sponsor Names
Invalid credentials (password is incorrect) Not permitted to log on at this time Not permitted to log on at this workstation Password has expired Account is disabled Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Looking Up Sponsor Names | 253...
Page 254: Ldap Translation Rules
2. In the Name field, enter a self-explanatory name for the translation rule. In the example above, the translation rule is to check that the user is an administrator, hence the name MatchAdmin. 254 | LDAP Translation Rules Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 255 9. Click Save Changes to save your rule settings. The Administration > Operator Logins > Translation Rules window shows a list of all configured translation rules. LDAP Translation Rules Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 255...
Page 256: Custom Ldap Translation Processing
For example, to permit non-administrator users to access the system only between the hours of 8:00 am and 6:00 pm, you could define the following LDAP translation rule: 256 | Custom LDAP Translation Processing Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 257: Operator Logins Configuration
8am and before 6pm; if so, the operator will be enabled. If neither condition has matched, the “enabled” field will be set to 0 and login will not be permitted. Operator Logins Configuration Operator Logins Configuration Dell Networking W-ClearPass Guest 6.0 | Deployment Guide | 257...
Page 258: Custom Login Message
 Si no tienes un login, puedes obtener uno <a href="http://www.arubanetworks.com/">contactando con Aruba Networks</a>. {else} The ClearPass Guest demo site 258 | Custom Login Message Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 259: Advanced Operator Login Options
The value for Logout After should be specified in hours. You can use fractional numbers for values less than an hour; for example, use 0.25 to specify a 15 minute idle timeout. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Advanced Operator Login Options | 259...
Page 260 260 | Automatic Logout Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 261: Reference
"Regular Expressions" on page 305 Basic HTML Syntax Dell Networking W-ClearPass Guest allows different parts of the user interface to be customized using the Hypertext Markup Language (HTML). Most customization tasks only require basic HTML knowledge, which is covered in this section.
Page 262: Standard Html Styles
For more details about HTML syntax and detailed examples of its use, consult a HTML tutorial or reference guide. Standard HTML Styles Dell Networking W-ClearPass Guest defines standard CSS classes you can use to provide consistent formatting within the user interface.
Page 263 Error text message Text that should be prominently displayed nwaImportant Table subheadings nwaUsername Text used to display a username nwaPassword Text used to display a password Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Standard HTML Styles | 263...
Page 264: Smarty Template Syntax
Smarty Template Syntax Dell Networking W-ClearPass Guest’s user interface is built using the Smarty template engine. This template system separates the program logic and visual elements, enabling powerful yet flexible applications to be built. When customizing template code that is used within the user interface, you have the option of using Smarty template syntax within the template.
Page 265: Script Blocks
{$smarty.foreach. name .iteration} – counter for the current item, starting at 1 for the first item {$smarty.foreach. name .total} – value indicating the total number of items in the collection Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Script Blocks | 265...
Page 266: Modifiers
To use a function, enclose the function name in curly braces { } and provide any attributes that may be required for the function. Block functions also require a closing tag. dump {dump var=$value} 266 | Modifiers Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 267: Nwa_Commandlink
{nwa_iconlink} … {/nwa_iconlink} Smarty registered block function. Generates a combined icon and text link to a specified URL. Usage example: {nwa_iconlink icon="images/icon-info22.png" text="More Information"}more_information.php{/ nwa_iconlink} Dell Networking W-ClearPass Guest 6.0 | Deployment Guide nwa_commandlink | 267...
Page 268: Nwa_Icontext
“info” type image. Specifying a “type” is equivalent to specifying an “icon", “width", “height” and “alt” parameter, and may also include a “class” depending on the type selected. Usage example: {nwa_icontext struct=$error}{/nwa_icontext} 268 | nwa_icontext Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 269: Nwa_Quotejs
_default – Default value to display or return if an error occurs or the _output field is not available in the result. For ease of use, “assign” is also supported as a synonym for “_assign”. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide nwa_quotejs | 269...
Page 270: Changetorole()
(the octets of the MAC address). The default if not specified is the IEEE 802 standard format, %02X-%02X-%02X-%02X-%02X-%02X – that is, uppercase hexadecimal with each octet separated with a hyphen. The calling station ID is looked up automatically from the RADIUS Access-Request (Calling-Station-ID attribute). 270 | ChangeToRole() Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 271: Getcallingstationtraffic()
Returns null if there is no matching session, otherwise returns a single session array – a typical result follows: array ( 'id' => '2073', 'acctsessionid' => '4a762dbf00000002', 'acctuniqueid' => 'c199b5a94ebf5184', 'username' => 'demo@example.com', 'realm' => '', 'role_name' => 'Guest', 'nasipaddress' => '192.168.2.20', Dell Networking W-ClearPass Guest 6.0 | Deployment Guide GetCallingStationTraffic() | 271...
Page 272: Getipaddresscurrentsession()
Calculate sum of traffic counters in a time interval. The IP address used is determined based on the context. If processing a RADIUS Access-Request, the IP address is determined using the Framed-IP-Address attribute. If 272 | GetIpAddressCurrentSession() Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 273: Getsessions()
See "GetCallingStationTime() " on page 270, "GetIpAddressTime() " on page 272, or "GetUserTime() " on page 275. $criteria is the criteria on which to search for matching accounting records. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide GetSessions() | 273...
Page 274: Gettraffic()
The username attribute is looked up automatically from the RADIUS Access-Request (User-Name attribute). GetUserCurrentSession() GetUserCurrentSession($username) Looks up the current (most recent) active session for the specified username. "GetCurrentSession() " on page 271 for details of the return value. GetUserFirstLoginTime() GetUserFirstLoginTime($username) 274 | GetTraffic() Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 275: Getusersessions()
A single “arg” parameter, if specified, provides a 1-argument form of calling the function; alternatively, “arg1”, “arg2”, ... may be specified to form an array of arguments to pass to the generator. nwa_bling {nwa_bling …} Dell Networking W-ClearPass Guest 6.0 | Deployment Guide GetUserSessions() | 275...
Page 276: Nwa_Makeid
<a href="navigation_href">navigation name</a> @name@ navigation item name (HTML safe) @jsname@ navigation item name (JavaScript quoted) @href@ navigation item hyperlink @jshref@ navigation item hyperlink (JavaScript quoted) @icon@ navigation item icon, if specified 276 | nwa_makeid Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 277: Nwa_Plugin
{nwa_plugin …} Smarty registered template function. Generates plugin information based on the parameters specified. Specifying which plugin: The ‘id’ parameter specifies a plugin ID. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide nwa_plugin | 277...
Page 278: Nwa_Privilege
{nwa_text id=TEXT_ID 1=$param1 2=$param2 ...} This is the text resource to be translated, where %1 and %2 are the arguments, etc. {/nwa_text} The “id” parameter is the text ID of the resource. 278 | nwa_privilege Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 279: Nwa_Userpref
(optional) – the name of a global function (that is, a member of the JavaScript “window” object) that is to be called at the end of video playback. Date/Time Format Syntax There are two basic modifiers available for you to use in Dell Networking W-ClearPass Guest: nwadateformat and nwatimeformat. nwadateformat Modifier The date format takes one or two arguments –...
Page 280: Nwatimeformat Modifier
(hours, days or minutes depending on the value). An example of this usage is for the expire_ postlogin field which has a value measured in minutes: 280 | nwatimeformat Modifier Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 281: Date/Time Format String Reference
Second as a decimal number (00 to 60) Current time (%H:%M:%S) Weekday as a decimal number (1=Monday…7=Sunday) Weekday as a decimal number (0=Sunday…6=Saturday) Preferred date representation for the current locale, without the time Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Date/Time Format String Reference | 281...
Page 282: Programmer's Reference
If an integer 0 or 1, the string values “0” and “1” are returned. If a string containing a “|” character, the string is split at this separator and used as the values for false and true respectively. 282 | Programmer’s Reference Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 283: Nwabyteformat
(that is, the function is already present or was loaded successfully), or false if the function does not exist. NOTE: Attempting to use an undefined function will result in a PHP Fatal Error. Use this function before using any of the standard Nwa…() functions. NwaGeneratePictureString NwaGeneratePictureString($string) Dell Networking W-ClearPass Guest 6.0 | Deployment Guide NwaByteFormat | 283...
Page 284: Nwageneraterandompasswordmix
NwaParseCsv($text, $options = null) Parses text containing comma-separated values and returns the result as a list of records, where each record contains a list of fields. Supports CSV escaping using double quotes. 284 | NwaGenerateRandomPasswordMix Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 285: Nwaparsexml
– name of the document element attributes – attributes of the document element children – array containing any child elements content – element content text NwaPasswordByComplexity NwaPasswordByComplexity($len, $mode = false) Dell Networking W-ClearPass Guest 6.0 | Deployment Guide NwaParseXml | 285...
Page 286: Nwasmsisvalidphonenumber
The value to look for A 2D array of data to search; for example, a data table returned by NwaCsvCache() or $table NwaParseCsv() The desired index of the data $column_index 286 | NwaSmsIsValidPhoneNumber Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 287: Nwawordspassword
The table below describes standard fields available for the GuestManager form. Table 32: GuestManager Standard Fields Field Description String. The current account activation time in long form. This field is available on the account_activation Dell Networking W-ClearPass Guest 6.0 | Deployment Guide NwaWordsPassword | 287...
Page 288 “Disable” indicates that the enabled field will be set to 0, which will prevent further authorizations using this account. “Logout” indicates that a RADIUS Disconnect-Request will be used for all active sessions 288 | GuestManager Standard Fields Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 289 Integer. The total time period in seconds for which the account may be used. Usage is expire_usage calculated across all accounting sessions with the same username. Set this field to 0 to disable this account expiration timer. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide GuestManager Standard Fields | 289...
Page 290 “reset” to create a new password, using the method specified in the random_ password_method field (or the global defaults, if no value is available in this field); 290 | GuestManager Standard Fields Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 291 1. String. Comments or notes stored with the account. This field may be up to 255 characters in notes Dell Networking W-ClearPass Guest 6.0 | Deployment Guide GuestManager Standard Fields | 291...
Page 292 (a through z). The length of the password is specified by the random_password_length field. nwa_lettersdigits_password to create a password using random lowercase letters and 292 | GuestManager Standard Fields Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 293 1 and 99. The maximum length of each of the randomly-selected words is specified by the random_username_length field. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide GuestManager Standard Fields | 293...
Page 294: Hotspot Standard Fields
String. The visitor’s full name. vvisitor_phone String. The visitor’s contact telephone number. Hotspot Standard Fields The table below describes standard fields available for the Hotspot form. 294 | Hotspot Standard Fields Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 295: Sms Services Standard Fields
The table below describes standard fields available for the SMS Services form. Table 34: SMS Services Standard Fields Field Description Boolean. Flag indicating that a SMS receipt should be automatically sent upon creation auto_send_sms of the account. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide SMS Services Standard Fields | 295...
Page 296: Smtp Services Standard Fields
If blank or unset, the default value from the email receipt configuration is smtp_email_field used. Additionally, the special value _None indicates that the visitor should not be sent any email. 296 | SMTP Services Standard Fields Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 297: Format Picture String Symbols
When generating a username or password using the nwa_picture_password method, a “picture string” should be provided to specify the format of generated username or password in the random_username_picture or random_ Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Format Picture String Symbols | 297...
Page 298: Form Field Validation Functions
2-element array as the argument to the validator. IsInOptionsList—Checks against a list of options in the policy definition. 298 | Form Field Validation Functions Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 299 IsValidHostnamePort – Checks that the value is a valid IP address or hostname, which may optionally include a port number specified with the syntax hostname:port. IsValidIpAddr – Checks that the value is a valid IP address. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Form Field Validation Functions | 299...
Page 300 /. The validator argument may optionally be an array containing a ‘scheme’ key that specifies an array of acceptable URL protocols. IsValidUsername – Checks that the value is a valid username. Usernames cannot be blank or contain spaces. 300 | Form Field Validation Functions Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 301: Form Field Conversion Functions
Otherwise, the string values “false” and “true” are returned. Formats a non-negative size in bytes as a human readable number (bytes, KB, MB, GB, etc). 1 KB is NwaByteFormat Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Form Field Conversion Functions | 301...
Page 302 – character to use for thousands separator For signs for positive/negative values: positive_sign – sign for positive values p_sign_posn – position of sign for positive values (0..4) 302 | Form Field Display Formatting Functions Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 303: View Display Expression Technical Reference
(data.expire_time, "%Y-%m-%d %H:%M") : "N/A" time string if an expiration time has been set. JavaScript functions Returns the value of if_true or if_false depending on whether the Nwa_BooleanText( Dell Networking W-ClearPass Guest 6.0 | Deployment Guide View Display Expression Technical Reference | 303...
Page 304: Ldap Standard Attributes For User Class
Windows 2000. lastLogoff: The lastLogoff property specifies when the last logoff occurred. lastLogon: The lastLogon property specifies when the last logon occurred. 304 | LDAP Standard Attributes for User Class Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 305: Regular Expressions
Alternate matches: Matches an “a” or “b” (a.*z) Grouping: matches sequentially within parentheses “Non-greedy” zero or more matches \ooo The character with octal code ooo \040 A space Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Regular Expressions | 305...
Page 306 Any character that is not a decimal digit The regular expression syntax used is Perl-compatible. For further details on writing regular expressions, consult a tutorial or programming manual. 306 | Regular Expressions Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 307: Glossary
(only the certificate authority can create valid certificates). Disconnect-Ack NAS response packet to a Disconnect-Request, indicating that the session was disconnected. Disconnect-Nak NAS response packet to a Disconnect-Request, indicating that the session could not be disconnected. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Glossary | 307...
Page 308 Process used to securely provision a device and configure it with network settings. operator profile Characteristics assigned to a class of operators, such as the permissions granted to those operators. operator/operator login Person who uses Dell Networking W-ClearPass Guest to create guest accounts or perform system administration.
Page 309 Type of access being granted. You can define multiple roles. Such roles could include employee, guest, team member, or press. Roles are used for both guest access (user role) and operator access to Dell Networking W- ClearPass Guest. See operator profile .
Page 310 310 | Glossary Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 311: Index
40 shared locations 53 closed session 60 shared roles 54 closing session 62 tag=value pair 53 code-signing certificate 101 alerts, SMS 63 Configuration module 133 configuring Android provisioning 114 Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Index | 311...
Page 312 22 operator profile 242 device type 95 operator profiles 242 devices 44 print template 194 creating accounts 49 self registration 172 editing 55 session filter 244 filtering 45 312 | Index Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 313 SMTP services 189 dynamic_is_expired 289 enabling Edit 147 SMTP carrier 234 email 141, 289 encoding 40 enabled 142, 289 encryption key, in guest receipt 138 expiration_time 289 expire_after 142 Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Index | 313...
Page 314 188 Static text (Raw value) 159 Show forms 147 Submit button 161 simultaneous_use 142 Text area 161 sms_auto_send_field 199, 296 Text field 161 sms_enabled 199, 296 Validation errors 162 314 | Index Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 315 NAS login 171 receipt page 171 registration page 171 help roles 18 context-sensitive 24 guest access, self-provisioned 28 field help 25 guest accounts quick help 25 activate 37 searching 24 Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Index | 315...
Page 316 304 creating 247 translation rules 249 operator logins 241 translation rules, creating 254 advanced options 259 URL syntax 251 configuration 258 local operators 247 LDAP server, creating 249 316 | Index Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 317 196 custom fields 196 editing 196 searching permissions 197 application log 237 SMS receipts 194 documentation 239 programmer’s reference 261 security policy checklist 22 provisioning settings configuring 106 Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Index | 317...
Page 318 Smarty template functions 264 assign function 264 tab-separated values 43 comments 264 tag=value pair 53 foreach block 265 template if block 264 predefined template functions 266 include 264 translation rules 254 318 | Index Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...
Page 319 38, 144 guest_sessions 60, 144 guest_users 34, 144 visitors 21 account 21 VPN settings 125 Web logins 21 WiFi network 137 wizards print template 196 WPA key 138 Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Index | 319...
Page 320 320 | Index Dell Networking W-ClearPass Guest 6.0 | Deployment Guide...

This manual is also suitable for:

Networking w-clearpass guest 6.0

Dell Powerconnect W-ClearPass Hardware Appliances Deployment Manual

About this Guide

Dell Networking W-Clearpass Guest Overview

Guest Manager

Onboard

Configuration

Hotspot Manager

Administration

Operator Logins

Quick Links

Troubleshooting

Related Manuals for Dell Powerconnect W-ClearPass Hardware Appliances

Summary of Contents for Dell Powerconnect W-ClearPass Hardware Appliances