3.7 Deployment Guide
Page 4
... 42 Install Subscription Updates 43 Setup Complete 44 RADIUS Services 45 Accessing RADIUS Services 45 Server Control...45 RADIUS Log Snapshot 45 Debug RADIUS Server 46 Viewing Failed Authentications 46 Server Configuration 47 Example: Removing a User-Name Suffix 49 Example: Correcting the NAS-IP-Address Attribute 49 Example: Adding a Reply-Message to an Access-Reject Packet 49 User Roles ...49 Creating a User Role 50 Role Attributes 51 Attribute Tags 52 Attribute Authorization Conditions 52 Example: Time of Day Conditions 52 Example: Time-Based...
... 42 Install Subscription Updates 43 Setup Complete 44 RADIUS Services 45 Accessing RADIUS Services 45 Server Control...45 RADIUS Log Snapshot 45 Debug RADIUS Server 46 Viewing Failed Authentications 46 Server Configuration 47 Example: Removing a User-Name Suffix 49 Example: Correcting the NAS-IP-Address Attribute 49 Example: Adding a Reply-Message to an Access-Reject Packet 49 User Roles ...49 Creating a User Role 50 Role Attributes 51 Attribute Tags 52 Attribute Authorization Conditions 52 Example: Time of Day Conditions 52 Example: Time-Based...
3.7 Deployment Guide
Page 15
... Guide Quick Links ...18 List of Key features 25 Common Terms 27 Site Preparation Checklist 29 Default Port configurations 31 Ethernet adapter configuration 32 Virtual ethernet adapter configuration 32 Console access methods 33 Web Login Page Syntax 66 Operators supported in filters 113 Operators supported in filters 117 Server Type Parameters 121 LDAP Error Messages 124 Template Variables 127 Operators supported in filters 140 Operators supported in filters 143 Account Expiration Types 155 Visitor Management Forms and Views...
... Guide Quick Links ...18 List of Key features 25 Common Terms 27 Site Preparation Checklist 29 Default Port configurations 31 Ethernet adapter configuration 32 Virtual ethernet adapter configuration 32 Console access methods 33 Web Login Page Syntax 66 Operators supported in filters 113 Operators supported in filters 117 Server Type Parameters 121 LDAP Error Messages 124 Template Variables 127 Operators supported in filters 140 Operators supported in filters 143 Account Expiration Types 155 Visitor Management Forms and Views...
3.7 Deployment Guide
Page 18
... visitor management. Chapter 3, "Setup Guide" covers the hardware installation (or virtual appliance deployment) and initial configuration of the Amigopod Visitor Management Appliance. Chapter 4, "RADIUS Services" provides reference material about ... What visitor management is and how it works Using the guest management features Running reports Creating new reports Role-based access control for guest accounts Network administration of the appliance "Management Overview" "Standard Guest Management Features" "Running and Managing Reports" "Creating...
... visitor management. Chapter 3, "Setup Guide" covers the hardware installation (or virtual appliance deployment) and initial configuration of the Amigopod Visitor Management Appliance. Chapter 4, "RADIUS Services" provides reference material about ... What visitor management is and how it works Using the guest management features Running reports Creating new reports Role-based access control for guest accounts Network administration of the appliance "Management Overview" "Standard Guest Management Features" "Running and Managing Reports" "Creating...
3.7 Deployment Guide
Page 41
... the NAS Type drop-down list and select the default NAS vendor type to use when defining RADIUS clients or creating RADIUS Web Login pages that you configure one type of day at all times. For more NTP servers to automatically synchronize the server's time. However, make sure that is available on your local network. To use a public NTP server, enter the following hostnames: 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org You...
... the NAS Type drop-down list and select the default NAS vendor type to use when defining RADIUS clients or creating RADIUS Web Login pages that you configure one type of day at all times. For more NTP servers to automatically synchronize the server's time. However, make sure that is available on your local network. To use a public NTP server, enter the following hostnames: 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org You...
3.7 Deployment Guide
Page 97
... Bind Password - check the server's identity, but do not fail authentications if the server's identity cannot be upgraded to a connection supporting TLS. Use TLS to port 636 are : Do not request or verify the server's certificate - this chapter for information about installing digital certificates for External Authentication Servers" in the directory. the LDAP distinguished name of the root of the LDAP service...
... Bind Password - check the server's identity, but do not fail authentications if the server's identity cannot be upgraded to a connection supporting TLS. Use TLS to port 636 are : Do not request or verify the server's certificate - this chapter for information about installing digital certificates for External Authentication Servers" in the directory. the LDAP distinguished name of the root of the LDAP service...
3.7 Deployment Guide
Page 195
... the registration form. To enable a more secure password reset operation, first enable the secret_question and secret_answer fields to reset a guest account's password. The default user interface for the self-service portal is shown below : Amigopod 3.7 | Deployment Guide Guest Management | 195 It is strongly recommended that when this feature of password reset method is used in the portal. The Password Generation drop-down list controls what kind of the...
... the registration form. To enable a more secure password reset operation, first enable the secret_question and secret_answer fields to reset a guest account's password. The default user interface for the self-service portal is shown below : Amigopod 3.7 | Deployment Guide Guest Management | 195 It is strongly recommended that when this feature of password reset method is used in the portal. The Password Generation drop-down list controls what kind of the...
3.7 Deployment Guide
Page 200
... in the list. Configuring Access Code Logins This section explains how to configure the Guest Manager to log in in the list, and may be edited or deleted. Note that have the correct plugin versions installed, navigate to save your changes. 200 | Guest Management Amigopod 3.7 | Deployment Guide Read-only access - the print template is visible in with only the username. Access Code logins requires the following plugin versions: Amigopod RADIUS Services 3.0.4 or later...
... in the list. Configuring Access Code Logins This section explains how to configure the Guest Manager to log in in the list, and may be edited or deleted. Note that have the correct plugin versions installed, navigate to save your changes. 200 | Guest Management Amigopod 3.7 | Deployment Guide Read-only access - the print template is visible in with only the username. Access Code logins requires the following plugin versions: Amigopod RADIUS Services 3.0.4 or later...
3.7 Deployment Guide
Page 228
When sending an SMS to display the SMS Service Configuration form. Click the Save Changes button when you may enter this , by clicking the Send SMS command link on the form. If your country uses a national dialing prefix such as "0", you ...Services page. 228 | Guest Management Amigopod 3.7 | Deployment Guide To create a new SMS gateway, click the Create new SMS gateway link to a number that starts with the national dialing prefix, the prefix is removed and replaced with the country code instead. The new configuration settings will take effect immediately. The SMS Gateways window...
When sending an SMS to display the SMS Service Configuration form. Click the Save Changes button when you may enter this , by clicking the Send SMS command link on the form. If your country uses a national dialing prefix such as "0", you ...Services page. 228 | Guest Management Amigopod 3.7 | Deployment Guide To create a new SMS gateway, click the Create new SMS gateway link to a number that starts with the national dialing prefix, the prefix is removed and replaced with the country code instead. The new configuration settings will take effect immediately. The SMS Gateways window...
3.7 Deployment Guide
Page 313
...at the console, or remotely via SSH). Notifications Operators with both the Plugin Manager and Network Setup privileges. The Amigopod appliance has a command line interface(CLI) which may be used are: Changing the initial network configuration of the appliance Resetting the appliance to factory default settings Resetting a forgotten 'admin' operator login password Rebooting the appliance Enabling or disabling remote SSH access Command line access is low. It is recommended to leave this network service disabled unless you have specific...
...at the console, or remotely via SSH). Notifications Operators with both the Plugin Manager and Network Setup privileges. The Amigopod appliance has a command line interface(CLI) which may be used are: Changing the initial network configuration of the appliance Resetting the appliance to factory default settings Resetting a forgotten 'admin' operator login password Rebooting the appliance Enabling or disabling remote SSH access Command line access is low. It is recommended to leave this network service disabled unless you have specific...
3.7 Deployment Guide
Page 388
Table 37 GuestManager Standard Fields (Continued) Field Description netmask no_password no_portal no_warn_before notes num_accounts password password2 password_action password_action_recur String. However, a RADIUS user role may be configured to assign network masks using the account. Network address mask to use for the attribute to 20 characters in length. This field may be up to : The value of this field is not currently used by adding the Framed-IP-Netmask attribute, and setting the value for stations using this field by the system.
Table 37 GuestManager Standard Fields (Continued) Field Description netmask no_password no_portal no_warn_before notes num_accounts password password2 password_action password_action_recur String. However, a RADIUS user role may be configured to assign network masks using the account. Network address mask to use for the attribute to 20 characters in length. This field may be up to : The value of this field is not currently used by adding the Framed-IP-Netmask attribute, and setting the value for stations using this field by the system.
3.7 Deployment Guide
Page 434
... 293 Manual configuration 285 MTU 285 NTP 40, 321 Packet capture 294 Ping 293 Ping URL 293 RADIUS authentication 294 Routing table 294 Secondary interface 290 Security 312 SMTP 39 SMTP configuration 300 SNMP 40 SNMP server 297 SSH access 313 SSL 301 Static routes 287 System hostname 36 Traceroute 294 View DHCP leases 293 VLAN support 289 Network access control 77 Network Access Server 27, 55 Network access server Setup wizard 42 Network configuration 281 Defaults 31 Network diagnostics 282 Network interfaces 283, 316 Number of...
... 293 Manual configuration 285 MTU 285 NTP 40, 321 Packet capture 294 Ping 293 Ping URL 293 RADIUS authentication 294 Routing table 294 Secondary interface 290 Security 312 SMTP 39 SMTP configuration 300 SNMP 40 SNMP server 297 SSH access 313 SSL 301 Static routes 287 System hostname 36 Traceroute 294 View DHCP leases 293 VLAN support 289 Network access control 77 Network Access Server 27, 55 Network access server Setup wizard 42 Network configuration 281 Defaults 31 Network diagnostics 282 Network interfaces 283, 316 Number of...
3.9 Deployment Guide
Page 4
... Network Architecture for Onboard 56 Network Architecture for Onboard when Using ClearPass Guest .........57 The ClearPass Onboard Process 58 Devices Supporting Over-the-Air Provisioning 58 Devices Supporting Onboard Provisioning 61 Accessing Onboard 64 Configuring the User Interface for Device Provisioning 64 Customizing the Device Provisioning Web Login Page 65 Using the {nwa_mdps_config} Template Function 66 Configuring ClearPass Servers for Device Provisioning 66 Configuring the Certificate Authority 68 Setting...
... Network Architecture for Onboard 56 Network Architecture for Onboard when Using ClearPass Guest .........57 The ClearPass Onboard Process 58 Devices Supporting Over-the-Air Provisioning 58 Devices Supporting Onboard Provisioning 61 Accessing Onboard 64 Configuring the User Interface for Device Provisioning 64 Customizing the Device Provisioning Web Login Page 65 Using the {nwa_mdps_config} Template Function 66 Configuring ClearPass Servers for Device Provisioning 66 Configuring the Certificate Authority 68 Setting...
3.9 Deployment Guide
Page 17
... Table 42 Quick Links ...20 List of Key features 27 Common Terms 29 Site Preparation Checklist 31 Default port configurations 33 Ethernet adapter configuration 34 Virtual ethernet adapter configuration 35 Console access methods 35 Console user interface functions 36 Onboard Deployment Checklist 49 Onboard Features 51 Platforms Supported by ClearPass Onboard 51 Properties Available for Use with the (nwa_mdps_ocnfig) Smarty Template Function66 Subject Alternative Name Fields Supported When Creating a TLS Client Certificate Signing Request82 Types...
... Table 42 Quick Links ...20 List of Key features 27 Common Terms 29 Site Preparation Checklist 31 Default port configurations 33 Ethernet adapter configuration 34 Virtual ethernet adapter configuration 35 Console access methods 35 Console user interface functions 36 Onboard Deployment Checklist 49 Onboard Features 51 Platforms Supported by ClearPass Onboard 51 Properties Available for Use with the (nwa_mdps_ocnfig) Smarty Template Function66 Subject Alternative Name Fields Supported When Creating a TLS Client Certificate Signing Request82 Types...
3.9 Deployment Guide
Page 35
...Adapter Name Hostname DHCP - - - - ClearPass Guest 3.9 | Deployment Guide Setup Guide | 35 eth0 clearpass-guest.localdomain Accessing the Console User Interface The appliance's console user interface can be used to its factory default settings. For hardware appliances, you may access the console using a null modem cable connected to the serial port on the rear of this adapter is also possible to recover a forgotten administrator password, or reset the appliance to perform basic administrative functions such as changing the network configuration or viewing the appliance's MAC address...
...Adapter Name Hostname DHCP - - - - ClearPass Guest 3.9 | Deployment Guide Setup Guide | 35 eth0 clearpass-guest.localdomain Accessing the Console User Interface The appliance's console user interface can be used to its factory default settings. For hardware appliances, you may access the console using a null modem cable connected to the serial port on the rear of this adapter is also possible to recover a forgotten administrator password, or reset the appliance to perform basic administrative functions such as changing the network configuration or viewing the appliance's MAC address...
3.9 Deployment Guide
Page 36
... to the factory default state. Table 9 Console user interface functions # Option Description 1 Change network settings Allows for the appliance. All guest accounts, operator logins, RADIUS accounting records, application configuration, and customization will be lost. 4 Change shell password Sets the new shell password used to access the console user interface. 5 Reset admin Web password Recovers a forgotten Web administration password by restoring the default to default setting of admin. 6 Reboot appliance Shuts down and powers off the appliance. 36 | Setup Guide ClearPass Guest...
... to the factory default state. Table 9 Console user interface functions # Option Description 1 Change network settings Allows for the appliance. All guest accounts, operator logins, RADIUS accounting records, application configuration, and customization will be lost. 4 Change shell password Sets the new shell password used to access the console user interface. 5 Reset admin Web password Recovers a forgotten Web administration password by restoring the default to default setting of admin. 6 Reboot appliance Shuts down and powers off the appliance. 36 | Setup Guide ClearPass Guest...
3.9 Deployment Guide
Page 270
.... The default user interface for the self-service portal is shown below : 270 | Guest Management ClearPass Guest 3.9 | Deployment Guide The default appearance of these fields is shown below : Clicking the I've forgotten my password link displays a form where the user password may be reset: Entering a valid username will be selected to enable guests to the process diagram for an active session). Click the Save Changes button to return...
.... The default user interface for the self-service portal is shown below : 270 | Guest Management ClearPass Guest 3.9 | Deployment Guide The default appearance of these fields is shown below : Clicking the I've forgotten my password link displays a form where the user password may be reset: Entering a valid username will be selected to enable guests to the process diagram for an active session). Click the Save Changes button to return...
3.9 Deployment Guide
Page 362
... DNS server addresses check box to select the IP address configuration method for example, tunnel, VLAN, or secondary interfaces. When using automatic settings, you choose one of the network interface. Changing Network Interface Settings The Network Interface Settings form can be deleted-for the network interface. LAN and MGT network interfaces may be manually configured for other properties of these settings from the Configuration drop-down list to use DNS server information provided by the DHCP server. 362 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide...
... DNS server addresses check box to select the IP address configuration method for example, tunnel, VLAN, or secondary interfaces. When using automatic settings, you choose one of the network interface. Changing Network Interface Settings The Network Interface Settings form can be deleted-for the network interface. LAN and MGT network interfaces may be manually configured for other properties of these settings from the Configuration drop-down list to use DNS server information provided by the DHCP server. 362 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide...
3.9 Deployment Guide
Page 391
... list for operator logins. Resetting the Root Password The root password is required to log into the appliance's console user interface (either directly at the bottom of the appliance Resetting the appliance to factory default settings Resetting a forgotten 'admin' operator login password Rebooting the appliance Enabling or disabling remote SSH access Command line access is recommended to perform any normal configuration or management tasks, and should never be specified using the appliance console or SSH. ClearPass Guest 3.9 | Deployment Guide...
... list for operator logins. Resetting the Root Password The root password is required to log into the appliance's console user interface (either directly at the bottom of the appliance Resetting the appliance to factory default settings Resetting a forgotten 'admin' operator login password Rebooting the appliance Enabling or disabling remote SSH access Command line access is recommended to perform any normal configuration or management tasks, and should never be specified using the appliance console or SSH. ClearPass Guest 3.9 | Deployment Guide...
3.9 Deployment Guide
Page 466
The value of this field is not currently used by adding the Framed-IP-Netmask attribute, and setting the value for stations using this field by the system. This field may be up to use for the attribute to: Table 46 GuestManager Standard Fields (Continued) Field Description netmask no_password no_portal no_warn_before notes num_accounts password password2 password_action password_action_recur String. Network address mask to 20 characters in length. However, a RADIUS user role may be configured to assign network masks using the account.
The value of this field is not currently used by adding the Framed-IP-Netmask attribute, and setting the value for stations using this field by the system. This field may be up to use for the attribute to: Table 46 GuestManager Standard Fields (Continued) Field Description netmask no_password no_portal no_warn_before notes num_accounts password password2 password_action password_action_recur String. Network address mask to 20 characters in length. However, a RADIUS user role may be configured to assign network masks using the account.
3.9 Deployment Guide
Page 488
... knowingly turn this work. If set to "before , after " attempting to authenticate the user. The default is 'no Log the full User-Name attribute, as enabling it sees an IP address which have the Service-Type attribute set to the name server. log_stripped_names = no '. log_auth_badpass = no , yes 488 | Reference ClearPass Guest 3.9 | Deployment Guide Table 56 General Configuration Settings (Continued) Value Description listen.type = not set Type of packets to ensure that the username on...
... knowingly turn this work. If set to "before , after " attempting to authenticate the user. The default is 'no Log the full User-Name attribute, as enabling it sees an IP address which have the Service-Type attribute set to the name server. log_stripped_names = no '. log_auth_badpass = no , yes 488 | Reference ClearPass Guest 3.9 | Deployment Guide Table 56 General Configuration Settings (Continued) Value Description listen.type = not set Type of packets to ensure that the username on...