AMIGOPOD PowerConnect W Clearpass 100 Software Integration Manual

Trapeze networks integration guide

Trapeze Networks Integration Guide
Revision: 0.9
Date: 27 May 2009
Copyright © 2007 amigopod Pty Ltd

amigopod Head Office
amigopod Pty Ltd
Suite 101
349 Pacific Hwy
North Sydney, NSW 2060
Australia
ABN 74 124 753 420
Web: www.amigopod.com
Phone: +61 2 8669 1140
Fax: +61 7 3009 0329

Summary of Contents for AMIGOPOD PowerConnect W Clearpass 100 Software

  • Page 2: Table Of Contents

    Table of Contents
      • Introduction (page 3)
      • Test Environment (page 4)
      • Integration (page 5)
      • Amigopod Configuration (page 6)
      • Step 1 – Create RADIUS NAS for Trapeze Controller (page 7)
      • Step 2 – Restart RADIUS Services (page 8)
      • Step 3 – Create a Web-Login Page (page 9)
      • Step 4 - Review to Web Login Captive Portal page (page 10)
      • Trapeze MSS Configuration (page 11)
      • Step 1 –...
  • Page 3: Introduction

    Introduction This document outlines the configuration process on both the Trapeze Networks Mobility Exchanges (MX) and the amigopod appliance to create a fully integrated Visitor Management solution. The solution leverages the captive portal functionality built into the Trapeze Mobility System Software (MSS). Trapeze uses the terminology of Web-Portal to refer to their internal captive portal functionality and it can be generally defined as follows: Captive portal allows a wireless client to authenticate using a web-based portal.
  • Page 4: Test Environment

    Test Environment The test environment referenced throughout this integration guide is based on a Trapeze MXR-2 Mobility Exchange. Although this low-end hardware platform has been used, the testing and therefore this procedure is valid for all hardware variants from Trapeze and their OEM partners as it is the MSS software that is providing the integration points with amigopod.
  • Page 5: Integration

    Integration Although the MXR-2 MSS supports both internal and external captive portal functionality, this integration guide will focus on the latter, as the internal Web-Portal dictates the use of the internal Login Page resident on the controller itself. The Login page is very basic and doesn’t allow for significant customization as is possible with the amigopod Web Logins feature.
  • Page 6: Amigopod Configuration

    Amigopod Configuration The following configuration procedure assumes that the amigopod software or appliance has been powered up and a basic IP configuration has been applied through the setup wizard to allow the administrator to access the Web User Interface. The following table again reviews the IP Addressing used in the test environment but this would be replaced with the site specific details of each customer deployment: MX IP Address...
  • Page 7: Step 1 - Create Radius Nas For Trapeze Controller

    Step 1 – Create RADIUS NAS for Trapeze Controller In order for the Trapeze controller to authenticate users it needs to be able to communicate with the amigopod RADIUS instance. This step configures the amigopod NAS definition for the Trapeze Controller. The RADIUS key used here needs to be configured exactly the same as what will be configured on the MXR-2 for the RADIUS transactions to be successful.
  • Page 8: Step 2 - Restart Radius Services

    Step 2 – Restart RADIUS Services A restart of the RADIUS Service is required for the new NAS configuration to take effect. Click the Restart RADIUS Server button shown below and wait a few moments for the process to complete. CONFIDENTIAL...
  • Page 9: Step 3 - Create A Web-Login Page

    Step 3 – Create a Web-Login Page From the RADIUS Services Web Logins page, select the Trapeze Networks Login entry and click the Edit button. From the RADIUS Web Login page, enter the IP Address of the Trapeze MXR-2 and select the Skin that you would like presented as the branding for the Captive Portal page.
  • Page 10: Step 4 - Review To Web Login Captive Portal Page

    Step 4 - Review to Web Login Captive Portal page Returning to the Web Logins page, select the Trapeze Networks Login entry and click the Test button. The configured captive portal page will be displayed in a new window as shown below: Click the Back button in the web browser to return to the amigopod configuration screen.
  • Page 11: Trapeze Mss Configuration

    Trapeze MSS Configuration The following configuration procedure assumes that the Trapeze Mobility Exchange has been powered up and a basic IP configuration has been applied through the Quick Start CLI to allow administrative access. The following table again reviews the IP Addressing used in the test environment but this would be replaced with the site specific details of each customer deployment: MXR-2 IP Address...
  • Page 12: Step 1 - Create Radius Definition For Amigopod

    Step 1 – Create RADIUS Definition for amigopod From the Trapeze CLI ensure you are in enable mode by checking the # suffix on the hostname as shown below: mxr-2# Enter the following two set commands to create firstly a RADIUS server definition for amigopod including the IP address and shared secret and then a server group called for example radius with the new amigopod RADIUS definition as a member.
  • Page 13: Step 2 - Create The Captive Portal Service-Profile

    Step 2 – Create the Captive Portal service-profile A service profile within the context of the Trapeze configuration represents a set of options that may be configured and deployed on the wireless network. Services define networking specifics such as SSID, authentication type, local or RADIUS authentication, encryption and VLAN mappings.
  • Page 14: Step 4 - Enable Radius Authentication & Accounting

    Step 4 – Enable RADIUS Authentication & Accounting The next step is to enable both RADIUS Authentication and Accounting for the newly created amigopod SSID. This is done by entering the following two set commands from the enable prompt:

    set authentication web ssid amigopod ** radius
    set accounting web ssid amigopod ** start-stop radius

    Please note if you are not familiar with the ** notation above, refer to the Trapeze documentation regarding User Glob definitions.
  • Page 15: Step 6 - Configure Trapeze To Redirect New Users To Amigopod

    Step 6 – Configure Trapeze to redirect new users to amigopod Now that we have created the new amigopod Web-Login in the previous section, we need to configure the MXR-2 to redirect any unauthenticated users to the amigopod to display the login page.
  • Page 16: Testing The Configuration

    Testing the Configuration Now that the configuration of both the Trapeze Controller and the amigopod solution is complete, the following steps can be followed to verify the setup. Step 1 – Create a test user account Within the amigopod RADIUS Server a test user account can be created using the amigopod Guest Manager.
  • Page 17: Step 2 - Connect To The Amigopod Wireless Network

    Step 2 - Connect to the amigopod wireless network Using a test laptop with a compatible 802.11 based wireless card attempt to connect to the advertised amigopod wireless network. The screen capture below shows the interface used on a Windows XP SP2 based laptop. Although the process differs from laptop to laptop depending on the wireless card drivers installed and different operating systems in use, the basic premise of connecting to the unsecured Guest Wireless network should be fundamentally the same.
  • Page 18: Step 2 - Confirm Dhcp Ip Address Received

    Step 2 – Confirm DHCP IP Address received Using the Windows Command Prompt or equivalent in the chosen operating system, confirm that a valid IP Address has been received from the DHCP server configured on the Trapeze Controller. Issue the ipconfig command from the Windows Command Prompt to display the IP information received from the DHCP process.
  • Page 19: Step 4 - Launch Web Browser And Login

    Step 4 – Launch Web Browser and login When the web browser on the test laptop is launched the Trapeze portalacl will automatically capture the session and redirect the user to the amigopod hosted login page as shown below: Enter the test user details entered and recorded in Step 1 above and click the Login button. At this point the test user should be successfully authenticated and allowed to transit through the controller and onto the Internet or Corporate network.
  • Page 20: Step 5 - Confirm The Login Successful From Trapeze

    Step 5 – Confirm the login successful from Trapeze From the Trapeze CLI, if you issue the show sessions command again you will now see the test user name and the star indicating that the user has been successfully authenticated:

    mxr-2# show sessions
    1 session total
    User Name...
  • Page 21

    rlm_sql_postgresql: Status: PGRES_TUPLES_OK
    rlm_sql_postgresql: affected rows =
    rlm_sql_postgresql: query: SELECT radgroupcheck.id, radgroupcheck.GroupName, radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op FROM radgroupcheck, usergroup WHERE usergroup.Username = 'cam' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
    rlm_sql_postgresql: Status: PGRES_TUPLES_OK
    rlm_sql_postgresql: affected rows =
    rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username='cam' ORDER BY id
    rlm_sql_postgresql: Status: PGRES_TUPLES_OK
    rlm_sql_postgresql: affected rows =...
  • Page 22: Step 7 - Check User Experience

    Step 7 – Check User Experience After successful login, the user's web browser should display a holding page informing them that they are about to be redirected to their original requested page (in our example www.amigopod.com) and also the Logout pop-up box should be displayed as shown below:
  • Page 23: Appendix A - Dynamic Authorisation (Rfc 3576)

    Appendix A – Dynamic Authorisation (RFC 3576) The Trapeze Mobility Exchanges have strong built-in support for RFC 3576, which is an extension of the RADIUS standard that allows RADIUS servers to participate in the dynamic disconnect or reauthorization of authenticated users. This is of particular interest in some customer environments where they may wish to use the amigopod to disconnect users on an ad-hoc basis by listing the Guest Manager Active...
  • Page 24: Step 1 - Configure Amigopod As A Dac Entry

    Step 1 – Configure amigopod as a DAC entry Enter the following set command at the enable prompt of the CLI to enable the amigopod on 10.9.4.8 to be able to send RFC3576 messages to the Trapeze. Please note that the key is still the same as the entry configured in Step 1 of the Trapeze configuration so it matches the NAS definition on the amigopod.
  • Page 25 From the Guest Manager Active Sessions as shown below we can also see the entry for the authenticated wireless user: To disconnect the wireless user, click on the top Active Session entry for your test user (depicted by the coloured wireless icon in the left hand column) and click the Disconnect button below.
  • Page 26: Appendix B - Testing Additional Radius Attributes

    Appendix B – Testing additional RADIUS attributes As with all amigopod deployments, User Roles can be configured to implement a wireless policy for each user once they have been authenticated. These role definitions can be made up of both Standard RADIUS attributes as per RFC 2865 and also Vendor Specific Attributes (VSA) that enable vendors such as Trapeze to extend their functionality and apply policies based on their value-add features.
  • Page 27: Test Result

    These included the following attributes:
      • A hard-coded Session-Timeout value to ensure that account durations would be honored.
      • An Acct-Interim-Interval was set to make sure additional accounting information can be drawn from the MX if required for accounting purposes or dynamic billing
      •...
  • Page 28: Detailed Radius Debug

    Detailed RADIUS Debug

    rad_recv: Access-Request packet from host 10.9.4.50:20000, id=14, length=117
        User-Name = "cam"
        Calling-Station-Id = "00-40-96-A1-F3-99"
        Called-Station-Id = "00-0B-0E-90-B8-83:amigopod"
        NAS-Port = 13
        NAS-Port-Type = Wireless-802.11
        NAS-IP-Address = 10.9.4.50
        NAS-Identifier = "Trapeze"
        User-Password = "wireless"
    rlm_sql (sql): Reserving sql socket id: 2
    rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username='cam' ORDER BY id
    rlm_sql_postgresql: Status: PGRES_TUPLES_OK...
  • Page 29

    rlm_sql (sql): Released sql socket id: 1
    Sending Access-Accept of id 14 to 10.9.4.50 port 20000
        Reply-Message = "Guest"
        Trapeze-URL = "http://www.amigopod.com"
        Filter-Id = "post-auth.in"
        Acct-Interim-Interval = 60
        Session-Timeout = 180
    rad_recv: Accounting-Request packet from host 10.9.4.50:20000, id=15, length=211
        Acct-Status-Type = Start
        Acct-Authentic = RADIUS
        Acct-Multi-Session-Id = "SESS-13-6c470a-609225-67c56c"...
  • Page 30

        User-Name = "cam"
        Event-Timestamp = "Dec 31 1999 14:09:48 EST"
        Trapeze-VLAN-Name = "default"
        Calling-Station-Id = "00-40-96-A1-F3-99"
        NAS-Port-Id = "AP1/2"
        Called-Station-Id = "00-0B-0E-90-B8-83:amigopod"
        NAS-Port = 13
        Framed-IP-Address = 10.9.4.207
        Acct-Session-Time = 60
        Acct-Output-Octets = 26247
        Acct-Input-Octets = 7760
        Acct-Output-Packets = 127
        Acct-Input-Packets = 636
        NAS-Port-Type = Wireless-802.11
        NAS-IP-Address = 10.9.4.50...
  • Page 31

        Acct-Output-Packets = 196
        Acct-Input-Packets = 797
        NAS-Port-Type = Wireless-802.11
        NAS-IP-Address = 10.9.4.50
        NAS-Identifier = "Trapeze"
        Acct-Delay-Time = 0
    rlm_sql (sql): Reserving sql socket id: 3
    rlm_sql_postgresql: query: UPDATE radacct SET
        FramedIPAddress='10.9.4.207',
        AcctSessionTime=(EXTRACT(EPOCH FROM('2009-05-22 14:00:26'::timestamp with time zone - AcctStartTime::timestamp with time zone - '0'::interval)))::BIGINT,
        AcctInputOctets=(('0'::bigint <<...
  • Page 32

        AcctTerminateCause='',
        AcctStopDelay='0',
        FramedIPAddress='10.9.4.207',
        ConnectInfo_stop=''
        WHERE AcctSessionId='SESS-13-6c470a-609225-67c56c' AND UserName='cam'
        AND NASIPAddress='10.9.4.50' AND AcctStopTime IS NULL
    rlm_sql_postgresql: Status: PGRES_COMMAND_OK
    rlm_sql_postgresql: affected rows = 1
    rlm_sql (sql): Released sql socket id: 2
    Sending Accounting-Response of id 18 to 10.9.4.50 port 20000
