AMIGOPOD PowerConnect W Clearpass 100 Software Integration Manual

Cisco WLC integration guide

Cisco WLC Integration Guide
Revision: Ver 0.93b by jhao
Date: 23 Sept 2011
Copyright © 2011 Aruba Networks, Inc.
Aruba Networks Headquarters
1344 Crossman Ave
Sunnyvale, CA 94089-1113
United States of America
Web: www.arubanetworks.com
Phone: 1-866-WIFI-LAN


Summary of Contents for AMIGOPOD PowerConnect W Clearpass 100 Software

  • Page 2: Table Of Contents

    Table of Contents: Introduction (3), Test Environment (3), Integration (5), Cisco WLC Configuration (6), Step 1 – Create New VLAN (Optional) (7), Step 2 – Add IP Addressing to VLAN (Optional) (8), Step 3 – Create RADIUS Authentication Server (9), Step 4 –...
  • Page 3: Introduction

    Introduction This document outlines the configuration process on both the Cisco Wireless LAN Controller (WLC) and the Amigopod appliance to create a fully integrated Visitor Management solution. The solution leverages the captive portal functionality built into the Cisco WLC software image. The captive portal functionality allows a wireless client to authenticate using a web-based portal.
  • Page 4 The following table shows the software versions used during the integration testing. This document will be updated in the future if changes in subsequent Amigopod or Cisco releases affect the stability of this integration. It is advised that the customer always check for the latest integration guide available from either Amigopod or Cisco.
  • Page 5: Integration

    Integration Although the Cisco WLC supports both internal and external Captive portal functionality, this integration guide will focus on the latter as the internal Captive portal dictates the use of the internal login page native to the controller. This login page is very basic and doesn’t allow for the significant customization possible with the Amigopod Web Logins feature.
  • Page 6: Cisco WLC Configuration

    Cisco WLC Configuration The following configuration procedure assumes that the Cisco WLC has been powered up and a basic IP configuration has been applied through the CLI to allow the Administrator to access the Web User Interface. The following table reviews the IP Addressing used in the example environment.
  • Page 7: Step 1 - Create New VLAN (Optional)

    Step 1 – Create New VLAN (Optional) A new VLAN can be created to bind to the new Wireless LAN that will be used for the Visitor users. From the Controller Interfaces screen, click on the Add button and enter the new VLAN ID and name you wish to use and then click the Apply button.
  • Page 8: Step 2 - Add IP Addressing To VLAN (Optional)

    Step 2 – Add IP Addressing to VLAN (Optional) Now that the VLAN has been created, an IP address needs to be assigned to the VLAN interface on the controller. This IP Address will not act as the default gateway for all wireless traffic on the Visitor SSID –...
  • Page 9: Step 3 - Create RADIUS Authentication Server

    Step 3 – Create RADIUS Authentication Server In order for the Cisco WLC to successfully authenticate the guest users that will be provisioned on the Amigopod system, a RADIUS Authentication Server needs to be defined on the controller. From the Security->RADIUS menu option, select Authentication and then click the New button in the top corner.
  • Page 10: Step 4 - Create RADIUS Accounting Server

    Step 4 – Create RADIUS Accounting Server In order for the Cisco WLC to successfully send accounting data associated with traffic being generated by the guest users, a RADIUS Accounting Server needs to be defined on the controller. From the Security->RADIUS menu option, select Accounting and then click the New button in the top corner.
  • Page 11: Step 5 - Create PreAuthentication Access Control List (Pre Auth ACL)

    Step 5 – Create PreAuthentication Access Control List (Pre Auth ACL) The PreAuth ACL controls the network access of a wireless visitor prior to being authenticated by Amigopod. This can often include a walled garden of local servers or other site specific hosts that Guests may be permitted access to without authentication.
  • Page 12: Step 6 - Create The New Wireless LAN

    Rule 5 enables communication FROM the Amigopod server (10.162.110.13). NOTE: This rule can be further refined to restrict access TO the guest network and/or include protocol restrictions such as HTTP/HTTPS. Rule 6 is a deny all statement that prevents all other traffic from the guest from reaching anything (Optional –...
  • Page 13: Step 7 - Configure The General WLAN Settings

    Step 7 – Configure the General WLAN settings Under the WLANs->Edit->General settings tab the WLAN can be enabled and disabled and also associated with a specific VLAN. IMPORTANT: This is where you will map the desired VLAN/subnet for the desired guest network to the WLAN.
  • Page 14: Step 8 - Configure The Security WLAN Settings

    Step 8 – Configure the Security WLAN settings Under the WLANs->Edit->Security tab WLAN security settings can be configured. Layer 2 encryption technologies such as WEP and WPA can be applied through the Layer 2 sub tab and are specific to each site security policy and are therefore considered outside the scope of this configuration guide.
  • Page 15: Step 9 - Configure The AAA WLAN Settings

    Step 9 – Configure the AAA WLAN settings Under the Security->AAA Servers tab the desired RADIUS authentication and accounting servers need to be selected. These fields refer back to the RADIUS authentication and accounting servers that were previously created in Step 3 and Step 4 (RADIUS Authentication and RADIUS Accounting). IMPORTANT: Please ensure that the appropriate entries for Authentication Servers and Accounting Servers are selected as shown below and that the Enabled checkbox has been...
  • Page 16: Step 10 - Configure The AAA Override Setting

    Step 10 – Configure the AAA Override setting Under the WLAN->Edit->Advanced locate and enable the Allow AAA Override feature. This is critical for the Amigopod to be able to send an override to the Cisco WLC to terminate the user session based on the desired account lifetime in the Amigopod user interface.
  • Page 17: Amigopod Configuration

    Amigopod Configuration The following configuration procedure assumes that the Amigopod software or appliance has been installed properly and the basic IP configuration has been applied through the setup wizard to allow the Administrator to access the Web User Interface. The following table reviews the IP Addressing used in the example environment but this would be replaced with the site specific configuration information of each customer deployment: Cisco WLC Address...
  • Page 18: Step 1 - Create RADIUS NAS For Cisco WLC

    Step 1 – Create RADIUS NAS for Cisco WLC In order for the Cisco WLC to authenticate users it must be able to communicate with the Amigopod RADIUS Server. In Step 3 of the Cisco WLC configuration, a RADIUS Authentication Server was defined. This step configures the matching Amigopod NAS definition for the Cisco WLC.
  • Page 19: Step 2 - Restart RADIUS Services

    Step 2 – Restart RADIUS Services IMPORTANT: A restart of the RADIUS Service is required for the new NAS configuration to take effect. Click the Restart RADIUS Server link shown below and wait a few moments for the process to complete.
  • Page 20: Step 3 - Configure Cisco Web Login Page

    Step 3 – Configure Cisco Web Login Page If you opted for a Web Login (Captive Portal) page to automatically be created for you during Step 1 you should now see it under Customization -> Web Logins. The automatically generated Cisco WLC web login page can be modified to suit the local deployment by adding custom HTML code or by defining a unique Amigopod skin for each captive portal page hosted by the Amigopod install as shown below:...
  • Page 21 From the RADIUS Web Login Editor page you may customize your Web Login page and/or select the Skin that you would like presented as the branding for this particular Captive Portal page. IMPORTANT: You should select a page name and make note of it. You will need to return to Step 8 Configure the Security WLAN settings of the Cisco WLC Configuration in order to update the configuration with the appropriate page.
  • Page 22: Step 4 - Confirm External Captive Portal URL

    Step 4 – Confirm External Captive Portal URL If you did not choose to manually configure a page name then the URL that needs to be configured in the Cisco WLC External Captive Portal section covered in Step 8 Configure the Security WLAN settings of the Cisco WLC Configuration can be determined by clicking on the ...
  • Page 23 Note: If you manually configured the page name in Step 3 Configure Cisco WLC Login Page, you should see the page name you selected in the URL. This URL will be required for configuration of the captive portal settings on the Cisco WLC.
  • Page 24: Step 5 - Create A Test User Account

    Step 5 – Create a test user account Within the Amigopod RADIUS Server a test user account can be created using the Amigopod Guest Account Manager. From the Guest Account Management menu, select the Create New Guest Account option. Enter the test user details as detailed on the form below and click the Create Account button to save the new test user account.
  • Page 25: Testing The Configuration

    Testing the Configuration Now that the configuration of both the Cisco WLC and the Amigopod solution is complete, the following steps can be followed to verify the setup. Step 1 - Connect to the Amigopod wireless network Use a test laptop to attempt to connect to the advertised amigopod_guest wireless network. The screen capture below shows the interface used on a Windows 7 based laptop.
  • Page 26: Step 2 - Confirm DHCP IP Address Received

    Step 2 – Confirm DHCP IP Address received Using the Windows Command Prompt or equivalent in the chosen operating system, confirm that a valid IP Address has been received from the DHCP server defined on the Cisco WLC. Issue the ipconfig command from the Windows Command Prompt to display the IP information received from the DHCP process.
  • Page 27: Step 3 - Launch Web Browser And Login

    Step 3 – Launch Web Browser and login When the web browser on the test laptop is launched the Cisco WLC will automatically capture the session and redirect the user to the Amigopod hosted login page as shown below: Enter the test user credentials you noted in Step 5 Create a test user account of the Amigopod configuration instructions and click Login.
  • Page 28: Step 4 - Confirm RADIUS Debug Messages On Amigopod

    Step 4 – Confirm RADIUS debug messages on Amigopod Once the test laptop has successfully authenticated and is now able to browse the Internet, an entry should appear in the RADIUS logs confirming the positive authentication of the test user – in the example: testuser@testcompany.com.

This manual is also suitable for:

Amigopod