AMIGOPOD PowerConnect W Clearpass 100 Software Integration Manual


HP ProCurve MSM Integration Guide
Revision: 0.9
Date: 22 August 2009
Copyright © 2007 amigopod Pty Ltd

amigopod Head Office
amigopod Pty Ltd
Suite 101, 349 Pacific Hwy
North Sydney, NSW 2060, Australia
ABN 74 124 753 420
Web: www.amigopod.com
Phone: +61 2 8669 1140
Fax: +61 7 3009 0329


Summary of Contents for AMIGOPOD PowerConnect W Clearpass 100 Software

  • Page 2: Table Of Contents

    Table of Contents
      Introduction (page 3)
      Test Environment (page 4)
      Integration (page 5)
      Amigopod Configuration (page 6)
      Step 1 – Create RADIUS NAS for HP ProCurve Controller (page 7)
      Step 2 – Restart RADIUS Services (page 8)
      Step 3 – Create a Web-Login Page (page 9)
      Step 4 - Review to Web Login Captive Portal page
  • Page 3: Introduction

    Introduction This document outlines the configuration process on both the HP ProCurve MultiService Controllers and the amigopod appliance to create a fully integrated Visitor Management solution. The solution leverages the captive portal functionality built into the HP ProCurve MSM. HP ProCurve uses the term HTML Authentication for its internal captive portal functionality, which can be generally defined as follows: Captive portal allows a wireless client to authenticate using a web-based portal.
  • Page 4: Test Environment

    Test Environment The test environment referenced throughout this integration guide is based on a HP ProCurve MSM710. Although this low end hardware platform has been used, the testing and therefore this procedure is valid for all hardware variants from HP ProCurve as it is the MSM software that is providing the integration points with amigopod.
  • Page 5: Integration

    Integration Although the HP ProCurve MSM710 supports both internal and external captive portal functionality, this integration guide will focus on the latter, as the internal HTML Authentication dictates the use of the internal Login Page resident on the controller itself. That Login page is very basic and doesn’t allow for the significant customization that is possible with the amigopod Web Logins feature.
  • Page 6: Amigopod Configuration

    Amigopod Configuration The following configuration procedure assumes that the amigopod software or appliance has been powered up and a basic IP configuration has been applied through the setup wizard to allow the administrator to access the Web User Interface. The following table again reviews the IP Addressing used in the test environment but this would be replaced with the site specific details of each customer deployment: MSM710 IP Address...
  • Page 7: Step 1 - Create Radius Nas For Hp Procurve Controller

    Step 1 – Create RADIUS NAS for HP ProCurve Controller In order for the HP ProCurve controller to authenticate users it needs to be able to communicate with the amigopod RADIUS instance. This step configures the amigopod NAS definition for the HP ProCurve Controller.
  • Page 8: Step 2 - Restart Radius Services

    Step 2 – Restart RADIUS Services A restart of the RADIUS Service is required for the new NAS configuration to take effect. Click the Restart RADIUS Server button shown below and wait a few moments for the process to complete. CONFIDENTIAL...
  • Page 9: Step 3 - Create A Web-Login Page

    Step 3 – Create a Web-Login Page From the RADIUS Services → Web Logins page select the Create New Web Login page option at the bottom of the page. From the RADIUS Web Login page enter a name and description of the Web Login page you are creating.
  • Page 10 By default the HP ProCurve MSM710 uses port 8080 for unsecured HTML authentication and 8090 for secure HTML authentication. Depending on your site's use of proxy servers these ports may not be appropriate and may need to be modified. These settings can be reviewed in the MSM configuration under Service Controller ...
  • Page 11: Step 4 - Review To Web Login Captive Portal Page

    Step 4 - Review to Web Login Captive Portal page Returning to the Web Logins page, select the HP ProCurve MSM Login entry and click the Test button; the configured captive portal page will be displayed in a new window as shown below: Click the Back button in the web browser to return to the amigopod configuration screen.
  • Page 12: Hp Procurve Msm Configuration

    HP ProCurve MSM Configuration The following configuration procedure assumes that the HP ProCurve MSM710 has been powered up and a basic IP configuration has been applied through the steps detailed in the Getting Started Chapter of the HP ProCurve Admin Guide. The following table again reviews the IP Addressing used in the test environment but this would be replaced with the site specific details of each customer deployment: MSM710 IP Address...
  • Page 13 If you intend to run your network in a routed environment you will either need to update your routing tables on the default gateway router that is servicing the network the Internet port of the MSM is connected to and / or add a static route to the amigopod configuration. To add a static route to your amigopod install, browse to the Administrator ...
  • Page 14 Click on the Routes option and add in the details for your IP address range allocated to the LAN port on the MSM as shown below:
  • Page 15 Step 1 – Enable DHCP on LAN port In our Lab environment DHCP needs to be enabled on the LAN port to provide IP addresses to both the MAP-320 and any wired clients connected to this interface of the MSM710. This is configured under Service Controller ...
  • Page 16: Step 2 - Install Hp Procurve Multiservice Access Point (Optional)

    Step 2 – Install HP ProCurve MultiService Access Point (Optional) Although the HP ProCurve MSM range of controllers is designed primarily for the centralized control of HP ProCurve MultiService Access Points, the controller can equally be used to provide Access Control in pure wired environments. The many different methods of configuring the Controlled APs, AP Groups, Virtual Service Community (VSC) are covered extensively in the HP ProCurve Admin Guide in Chapters 4 &...
  • Page 17: Step 3- Create Radius Definition For Amigopod

    Step 3 – Create RADIUS Definition for amigopod From the Service Controller → Security → RADIUS Profiles screen click the Add New Profile … button. In the following screen be sure to enter and confirm the following details: Enter a descriptive name for the Profile Name •...
  • Page 18: Step 4 - Dns Proxy & Interception Configuration

    Step 4 – DNS Proxy & Interception configuration In order for the MSM to be able to intercept and redirect any new Guest users to the amigopod hosted Web Login page, the controller must get involved in the DNS resolution process of these users.
  • Page 19: Step 5 - Add Default Route For Msm

    Step 5 - Add Default Route for MSM As with all Layer 3 networking devices, the MSM needs to be configured with, or learn via a dynamic routing protocol, the gateway to use for all non-local traffic. Without this default route in place the Guest users will not be able to access the Internet.
  • Page 20: Step 6 - Configure The Default Vsc

    Step 6 – Configure the Default VSC A Virtual Service Community is defined by HP ProCurve as a collection of configuration settings that define key operating characteristics of the service controller and controlled APs. In most cases, a VSC is used to define the characteristics of a wireless network. The VSC configuration can be accessed from the left hand pane of the Management Tool by clicking on the + sign next to the Service Controller option.
  • Page 21: Vsc Global Configuration

    VSC Global Configuration Under the Global Configuration the name of the VSC can be changed to suit your deployment. In our case we are going to leave it as the default of HP ProCurve Networks. More importantly the options of both Authentication & Access Control need to be enabled to support the HTML based authentication required for Guest Access.
  • Page 22: Vsc Virtual Ap Configuration

    VSC Virtual AP Configuration Under the Virtual AP configuration all of the wireless specific settings can be modified to suit your deployment. For our simple test environment we will only be modifying the SSID to be amigopod. All other defaults will be left as is and will need to be modified for each design based on site specific criteria.
  • Page 23: Vsc Html Based User Logins Configuration

    VSC HTML Based User Logins Configuration Under the HTML Based User Logins Configuration section the Authentication option must be set to Remote and configured to point at the RADIUS entry created in the previous step above. The RADIUS Accounting option must also be configured to point at the amigopod RADIUS definition created previously as shown below: All remaining VSC configuration options can be left as their defaults.
  • Page 24: Step 7 - Public Access Configuration

    Step 7 – Public Access Configuration Returning to the Service Controller configuration section of the Management Tool, select the Public Access menu option and the following screen will be displayed. There are various configuration options on this screen that will be unique to your deployment design including the Secure &...
  • Page 25: Step 8 - Public Access Attributes

    Step 8 – Public Access Attributes The Public Access → Attributes configuration screen is where all of the major integration points between the MSM and amigopod (excluding the RADIUS configuration already covered) are set up. These Attributes can either be configured manually directly on this screen or be dynamically provisioned via RADIUS in a larger centralized management configuration.
  • Page 26: Define Login Url Destination

    Define Login URL destination In order for the MSM to redirect new Guest users to the amigopod Web Login page we need to define a LOGIN-URL that points to the Web Login page we defined in Step 4 of the amigopod configuration above.
  • Page 27: Access List Configuration

    Access List Configuration An Access List must be defined and enabled to permit the HTTP authentication traffic reaching the amigopod Web Login interface. The following screenshot shows the entries created in our lab environment to permit both HTTP (port 80) and HTTPS (port 443) traffic to the amigopod from unauthenticated Guest users: Firstly we need to permit HTTP traffic to the amigopod.
  • Page 28 Finally, now that we have created the Access List, we need to apply it so it takes effect on the Public Access interface.
  • Page 29: (Optional) User Experience Customisation

    (Optional) User Experience Customisation Referring to the HP ProCurve Network Access Guide there are several other attributes that can be changed to influence the user experience for your Guest users. In particular you might wish to investigate the following in more detail: LOGO •...
  • Page 30 Once all of these changes have been completed you should be left with an Attributes page looking something like the following one. Click the Save button for these changes to be committed to the Public Access configuration.
  • Page 31: Testing The Configuration

    Testing the Configuration Now that the configuration of both the HP ProCurve Controller and the amigopod solution is complete, the following steps can be followed to verify the setup. Step 1 – Create a test user account Within the amigopod RADIUS Server a test user account can be created using the amigopod Guest Manager.
  • Page 32: Step 2 - Connect To The Amigopod Wireless Network

    Step 2 - Connect to the amigopod wireless network Using a test laptop with a compatible 802.11 based wireless card attempt to connect to the advertised amigopod wireless network. The screen capture below shows the interface used on a Windows XP SP2 based laptop. Although the process differs from laptop to laptop depending on the wireless card drivers installed and different operating systems in use, the basic premise of connecting to the unsecured Guest Wireless network should be fundamentally the same.
  • Page 33: Step 2 - Confirm Dhcp Ip Address Received

    Step 2 – Confirm DHCP IP Address received Using the Windows Command Prompt or equivalent in the chosen operating system, confirm that a valid IP Address has been received from the DHCP server configured on the HP ProCurve Controller. Issue the ipconfig command from the Windows Command Prompt to display the IP information received from the DHCP process.
  • Page 34 By clicking on the entry for Wireless Clients on the screen shown above you will be presented with a more detailed view of the wireless client’s statistics along with the IP address allocated via DHCP.
  • Page 35: Step 4 - Launch Web Browser And Login

    Step 4 – Launch Web Browser and login When the web browser on the test laptop is launched the MSM will automatically capture the session and redirect the user to the amigopod hosted login page as shown below (which was defined in the Public Access LOGIN-URL). Enter the test user details entered and recorded in Step 1 above and click the Login button.
  • Page 36: Step 5 - Confirm The Login Successful From Msm

    Step 5 – Confirm the login successful from MSM From the VSC → User Sessions tab you will be able to monitor the number and details of authenticated Guest access sessions at any given time. From this interface you also have the option to Logout a user from the Action column of the table shown below:
  • Page 37: Step 6 - Confirm Radius Debug Messages On Amigopod

    Step 6 – Confirm RADIUS debug messages on amigopod Once the test laptop has successfully authenticated and is now able to browse the Internet, an entry should appear in the RADIUS logs confirming the positive authentication of the test user – in this example, cam@amigopod.com.
  • Page 38
      CHAP-Password = 0x2204f280159f4832107bd2c8ad87f36ccb
      CHAP-Challenge = 0xe9c9d7c59c932a46d5f4db2a02dfd124
      NAS-Identifier = "MSM710"
      NAS-IP-Address = 10.0.20.25
      Framed-MTU = 1496
      Connect-Info = "HTTPS"
      Service-Type = Framed-User
      Colubris-AVPair = "vsc-name=HP ProCurve"
      Message-Authenticator = 0x3967060fe0ff01cfc5b0661e2f2c51b4
      rlm_chap: Setting 'Auth-Type := CHAP'
      rlm_sql (sql): Reserving sql socket id: 3
      rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username='cam@amigopod.com' ORDER BY id
      rlm_sql_postgresql: Status: PGRES_TUPLES_OK...
  • Page 39
      rad_recv: Accounting-Request packet from host 10.0.20.25:32771, id=198, length=142
      User-Name = "cam@amigopod.com"
      NAS-Port = 1
      NAS-Port-Type = Wireless-802.11
      NAS-Identifier = "MSM710"
      NAS-IP-Address = 10.0.20.25
      Acct-Status-Type = Start
      Calling-Station-Id = "00-0A-E4-04-68-FD"
      Called-Station-Id = "00-03-52-09-14-C5"
      Event-Timestamp = "Aug 25 2009 13:28:20 EST"
      Acct-Delay-Time = 0
      Acct-Session-Id = "0f5b51ca"...
  • Page 40: Step 7 - Check User Experience

    Step 7 – Check User Experience After successful login the user web browser should be displayed with a Transport page informing them that they are about to be redirected to their original requested page and also the Session pop-up box should be displayed as shown below:
  • Page 41: Appendix A - Public Access Radius Configuration

    Appendix A – Public Access RADIUS configuration As mentioned in the Public Access section of the HP ProCurve configuration guide, all the Attributes required to drive the Guest access user experience can be centrally administered from a RADIUS server. In this case we will use the amigopod RADIUS technology to manage the Public Access configuration and will be implemented using amigopod User Roles.
  • Page 42: Create The Msm Configuration User Role

    Create the MSM Configuration User Role The following screenshot from the amigopod RADIUS Services → Users Roles shows how several RADIUS attributes have been added to a new role called MSM-Config. As you can see we have added the 4 attributes that HP ProCurve define as part of their Customising the Public Access Interface in their Network Access Guide (Chapter 3).
  • Page 43: Create Msm Configuration User

    We also uploaded an amigopod logo in gif format and resized it to match the default pixel size of 194 * 100px. This was renamed to logo.gif in the amigopod Content Manager to be consistent with the HP ProCurve default naming convention. Create MSM Configuration user The next step is to create a RADIUS user that can be configured to return all of the above attributes defined in the User Role MSM-Config.
  • Page 44 You will recall from Step 8 of the HP ProCurve configuration that Service Controller → Public Access → Attributes is where you can configure the details of this new RADIUS user that will be used to retrieve the Public Access configuration. Depending on the frequency of the changes to your configuration you may wish to either leverage the Retrieve Now option or check the Retrieve attributes using RADIUS option at the top left to check for changes automatically.
  • Page 45: Test Result

    Test Result After making these changes and getting the Test laptop to login again via the Web Login interface we were presented with the following session and logout pages as expected:
  • Page 46: Detailed Radius Debug

    Detailed RADIUS Debug Also the following RADIUS debug successfully shows the Public Access account authentication to the amigopod RADIUS engine and retrieving the 4 new Public Access attributes that make up the MSM-Config User Role.
      Ready to process requests.
      rad_recv: Access-Request packet from host 10.0.20.25:32771, id=136, length=199
      Acct-Session-Id = "3f06b417"...
  • Page 47
      rlm_chap: Using clear text password wireless for user procurve@amigopod.com authentication.
      rlm_chap: chap user procurve@amigopod.com authenticated succesfully
      Exec-Program: /usr/bin/php /opt/amigopod/www/amigopod_request.php 2 15
      Exec-Program-Wait: value-pairs: Colubris-AVPair = "logo=http://10.0.20.60/public/logo.gif", Colubris-AVPair = "fail-page=http://10.0.20.60/public/fail1.html", Colubris-AVPair = "session-page=http://10.0.20.60/public/session1.html", Colubris-AVPair = "transport-page=http://10.0.20.60/public/transport1.html", Session-Timeout = 688,
      Exec-Program: returned: 0
      Login OK: [procurve@amigopod.com] (from client MSM-710 port 0 cli 00-03-52-09-14-C5)
      rlm_sql (sql): Processing sql_postauth...
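The value-pairs line in the debug output above can be checked mechanically after each change to the MSM-Config role. The following Python sketch is an added example, not part of the amigopod guide or software: it parses the Colubris-AVPair entries, confirms the four Public Access attributes are present, and reports any page that is fetched over plain HTTP or from an unexpected host. The function names and the `portal_host` parameter are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the Exec-Program-Wait line from the debug output above,
# with the line-wrap artifacts ("fail- page") repaired.
SAMPLE = (
    'Exec-Program-Wait: value-pairs: '
    'Colubris-AVPair = "logo=http://10.0.20.60/public/logo.gif", '
    'Colubris-AVPair = "fail-page=http://10.0.20.60/public/fail1.html", '
    'Colubris-AVPair = "session-page=http://10.0.20.60/public/session1.html", '
    'Colubris-AVPair = "transport-page=http://10.0.20.60/public/transport1.html", '
    'Session-Timeout = 688,'
)

# The four Public Access attributes the MSM-Config role is meant to return.
EXPECTED = ("logo", "fail-page", "session-page", "transport-page")

AVPAIR_RE = re.compile(r'Colubris-AVPair\s*=\s*"([^"=]+)=([^"]*)"')


def parse_avpairs(line):
    """Return {name: value} for every Colubris-AVPair found in a debug line."""
    return {n.strip(): v.strip() for n, v in AVPAIR_RE.findall(line)}


def review(line, portal_host):
    """Compare the returned attributes with EXPECTED and list findings.

    portal_host (hypothetical parameter) is the host that is supposed to
    serve the customised pages.
    """
    pairs = parse_avpairs(line)
    findings = [f"missing attribute: {n}" for n in EXPECTED if n not in pairs]
    for name, value in pairs.items():
        url = urlparse(value)
        if name not in EXPECTED:
            findings.append(f"unexpected attribute: {name}")
        if url.scheme != "https":
            findings.append(
                f"{name}: fetched over {url.scheme or 'no scheme'}, not https")
        if url.hostname != portal_host:
            findings.append(f"{name}: host {url.hostname} is not {portal_host}")
    return pairs, findings


if __name__ == "__main__":
    pairs, findings = review(SAMPLE, portal_host="10.0.20.60")
    for name, value in pairs.items():
        print(f"{name:15} {value}")
    for finding in findings:
        print("FINDING:", finding)
```
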
