AMIGOPOD PowerConnect W Clearpass 100 Software Overview
Extreme xos integration guide
Hide thumbs
Also See for PowerConnect W Clearpass 100 Software:
- Deployment manual (128 pages) ,
- Integration manual (52 pages) ,
- Release note (38 pages)
Advertisement
Quick Links
Download this manual
See also:
Manual
Dated Tested:
AmigoPod Version:
Plugins Required:
Extreme Hardware
Extreme S/W Version:
Integration:
Overview:
The Extreme range of Ethernet switches are based on a common operating system known as
ExtremeXOS. ExtremeXOS is a highly resilient, modular operating system that provides continuous
uptime, manageability and operational efficiency, including many advanced port security and NAC
features. The switch used for the integration testing was a Summit X450. The highly flexible Summit
X450e switch provides high-density gigabit plus optional 10 Gigabit Ethernet ports in a compact 1RU
format, supporting a wide range of Layer 2 to Layer 4 functionalities on every port.
Integration:
The key feature of the ExtremeXOS used to integrate with amigopod is its ability to support what
Extreme call their Network Login feature set. Network login controls the admission of user packets into a
network by allowing MAC addresses from users that are properly authenticated. Network login is
controlled on a per port basis. When network login is enabled on a port, that port does not forward any
packets until authentication takes place.
Network login is capable of three types of authentication: web-based, MAC-based, and 802.1x. In
addition, network login has two different modes of operation: Campus mode and ISP mode. The
authentication types and modes of operation can be used in any combination.
When web-based network login is enabled on a switch port, that port is placed into a non-forwarding
state until authentication takes place. To authenticate, a user must open a web browser and provide the
appropriate credentials. These credentials are either approved, in which case the port is placed in
forwarding mode, or not approved, in which case the port remains blocked. You can initiate user logout
by submitting a logout request or closing the logout window.
Currently EXOS only supports the use of the internally hosted authentication page although from version
12.x onwards the look and feel of this page can be heavily customized. Nonetheless, currently this
restriction prevents the use of the amigopod Web Logins feature that allows fully customizable external
authentication pages.
amigopod Integration Guides – Extreme XOS
13 June 2007
Engine 0.99.35, Radius Services
Standard build only
X450 (other XOS platforms should be supported)
EXOS 12.x
HTTP Captive Portal
copyright © 2007
0.6.10
amigopod pty ltd.
Advertisement
Related Manuals for AMIGOPOD PowerConnect W Clearpass 100 Software
Summary of Contents for AMIGOPOD PowerConnect W Clearpass 100 Software
- Page 1 amigopod Integration Guides – Extreme XOS Dated Tested: 13 June 2007 AmigoPod Version: Engine 0.99.35, Radius Services 0.6.10 Plugins Required: Standard build only Extreme Hardware X450 (other XOS platforms should be supported) Extreme S/W Version: EXOS 12.x Integration: HTTP Captive Portal Overview: The Extreme range of Ethernet switches are based on a common operating system known as ExtremeXOS.
- Page 2 amigopod Integration Guides – Extreme XOS Step 1: Starting with the X450 in a default configuration state, create three VLANs to represent the following roles in the network design: 1. VLAN to connect corporate IT resources including the amigopod server (in example Office) 2.
- Page 3 amigopod Integration Guides – Extreme XOS Step 4: Next the unsecured VLAN must be enabled to support Web Login using the following commands: configure netlogin vlan unsecured enable netlogin web-based enable netlogin ports 9-16 web-based The following commands are defaults for the Web Login feature set – see the EXOS Concepts Guide for more information on how these parameters can be modified to suit your implementation.
- Page 4 amigopod Integration Guides – Extreme XOS Step 7: Now that a fixed IP Address has been defined for the Extreme X450 switch, this needs to be defined within the amigopod configuration. Typically, the amigopod software is installed on an appliance or server with a fixed IP Address and potentially a locally defined host name.
- Page 5 amigopod Integration Guides – Extreme XOS Step 8 Once successfully logged into the AmigoPod administration interface, you will be presented with the AmigoPod Home Page where the RADIUS Services section can be accessed. Click on RADIUS Services on the screen shown below: copyright ©...
- Page 6 amigopod Integration Guides – Extreme XOS Step 9 From the Radius Services menu, select Network Access Servers: copyright © 2007 amigopod pty ltd.
- Page 7 amigopod Integration Guides – Extreme XOS Step 10 Being a new install, there are currently no NAS entries defined. Click on the Create icon at the top of the page shown below: copyright © 2007 amigopod pty ltd.
- Page 8 amigopod Integration Guides – Extreme XOS Step 11 Fill out the details of the Create NAS form based on the IP Addressing details defined for the Extreme Switch on the office VLAN in Step 3. Leave the default Other NAS entry for the NAS Type and define a shared secret that was configured in the EXOS AAA configuration in Step 6.
- Page 9 amigopod Integration Guides – Extreme XOS Step 12 Once the NAS has been created, the RADIUS Server needs to be restarted for the changes to take affect. This can be seen from the warning message shown at the top of the screen and the button below should be clicked to initiate a restart of the RADIUS services.
- Page 10 amigopod Integration Guides – Extreme XOS Step 13 Being a new install, there are currently no Extreme Specific User Roles defined. A User Role is a collection or RADIUS standard or Vendor Specific attributes that defined the way a RADIUS NAS should respond to a positive authentication.
- Page 11 amigopod Integration Guides – Extreme XOS Click on the Create a new role – this role will include the Extreme Vendor Specific Attributes: copyright © 2007 amigopod pty ltd.
- Page 12 amigopod Integration Guides – Extreme XOS Step 14: Name the Role for example as Extreme-Guest and give it a brief description and then save the changes. copyright © 2007 amigopod pty ltd.
- Page 13 amigopod Integration Guides – Extreme XOS Step 15: Once the User Role has been created and saved, start adding the Extreme VSA attributes using the Add Attribute button shown below. For example, this is adding the Extreme Netlogin Vlan VSA 203 copyright ©...
- Page 14 amigopod Integration Guides – Extreme XOS Step 16: This example is adding the Extreme Netlogin Only VSA 206. copyright © 2007 amigopod pty ltd.
- Page 15 amigopod Integration Guides – Extreme XOS Step 17: This example is adding the Extreme URL Redirect VSA 204. copyright © 2007 amigopod pty ltd.
- Page 16 amigopod Integration Guides – Extreme XOS Step 18: Once these basic VSAs have been added, save the changes and the screen will be returned to the User Roles page where the new role can be viewed: Now the solution is ready to test – connect a test laptop to any of the port 9 – 16 on the unsecured VLAN.
- Page 17 amigopod Integration Guides – Extreme XOS Step 19: Now that the test laptop is successfully connected to the unsecured VLAN, the only step remaining is to login as a guest user. To do this a test user must exist in the amigopod database. Returning back to the amigopod Web interface, select Guest Manager from the left hand menu: copyright ©...
- Page 18 amigopod Integration Guides – Extreme XOS Step 18: Selecting the Create New Guest Account option will present the following form that can be completed with the details of your test user. Fill out details of the test user including how long the user should have access to the internet from the Account Expiry drop down box and also the Role that the account should be assigned to.
- Page 19 amigopod Integration Guides – Extreme XOS Step 19: After clicking on the Create Account button, the new user account will be written to the amigopod database and a confirmation screen will be presented with the login credentials. Be sure to either record the email address and password presented or select the Print Receipt option to print out a copy of the login credentials (For more information on creating and defining Print Receipt Templates please see the amigopod User Guide).
- Page 20 amigopod Integration Guides – Extreme XOS Step 20: Returning back to the test laptop now, open up a web browser such as Internet Explorer or Firefox and assuming a Home Page is configured the browser will automatically attempt to connect to the Internet. The Extreme Switch will then capture this attempt and redirect the web browser to the internal authentication Web Login page on the Extreme Switch as shown below: Enter the Guest Username and Password recorded at the previous step and click on the Login button to...
- Page 21 amigopod Integration Guides – Extreme XOS In this example, the URL was defined in the User Role to be configured to go to www.amigopod.com therefore after successful authentication the browser will be redirected straight to the amigopod home page and also a separate pop-up window will be displayed detailing the amount of time still left on the Test User’s account as shown below: If you have experienced any issues setting up this integration with amigopod please step back through the document and verify the configuration.