W-ClearPass Guest 6.0 Deployment Guide
Page 6
... Settings Automatically 122 Configuring Trust Settings Manually 123 Configuring Windows-Specific Network Settings 124 Configuring Proxy Settings 125 Configuring an iOS Device VPN Connection 125 Configuring an iOS Device Email Account 127 Configuring an iOS Device Passcode Policy 129 Resetting Onboard Certificates and Configuration 130 Onboard Troubleshooting ...a Field 147 Displaying Views that Use a Field 147 Customizing AirGroup Registration Forms 147 Configuring the Shared Locations and Shared Role Fields 147 6| Dell Networking W-ClearPass Guest 6.0 | Deployment Guide
... Settings Automatically 122 Configuring Trust Settings Manually 123 Configuring Windows-Specific Network Settings 124 Configuring Proxy Settings 125 Configuring an iOS Device VPN Connection 125 Configuring an iOS Device Email Account 127 Configuring an iOS Device Passcode Policy 129 Resetting Onboard Certificates and Configuration 130 Onboard Troubleshooting ...a Field 147 Displaying Views that Use a Field 147 Customizing AirGroup Registration Forms 147 Configuring the Shared Locations and Shared Role Fields 147 6| Dell Networking W-ClearPass Guest 6.0 | Deployment Guide
W-ClearPass Guest 6.0 Deployment Guide
Page 9
...Authentication Servers Creating an LDAP Server Advanced LDAP URL Syntax Viewing the LDAP Server List LDAP Operator Server Troubleshooting Testing Connectivity Testing Operator Login Authentication Looking Up Sponsor Names Troubleshooting Error Messages LDAP Translation Rules Custom LDAP Translation Processing Operator Logins... Automatic Logout Reference Basic HTML Syntax Standard HTML Styles Smarty Template Syntax Basic Template Syntax Text Substitution Template File Inclusion Dell Networking W-ClearPass Guest 6.0 | Deployment Guide 233 234 234 236 237 238 239 239 241 241 241 242 242 242 245 ...
...Authentication Servers Creating an LDAP Server Advanced LDAP URL Syntax Viewing the LDAP Server List LDAP Operator Server Troubleshooting Testing Connectivity Testing Operator Login Authentication Looking Up Sponsor Names Troubleshooting Error Messages LDAP Translation Rules Custom LDAP Translation Processing Operator Logins... Automatic Logout Reference Basic HTML Syntax Standard HTML Styles Smarty Template Syntax Basic Template Syntax Text Substitution Template File Inclusion Dell Networking W-ClearPass Guest 6.0 | Deployment Guide 233 234 234 236 237 238 239 239 241 241 241 242 242 242 245 ...
W-ClearPass Guest 6.0 Deployment Guide
Page 16
... print receipt that IT administrators have a standard integration with all leading wireless and NAC solutions through a flexible definition point, ClearPass Policy Manager. The username and password for a network offering public access, the process is restricted, visitors must first obtain...the guest account. A guest account may be provisioned by ClearPass Guest. 16 | Visitor Access Scenarios Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Visitor Access Scenarios The following figure shows the network connections and protocols used by a corporate operator such as might be...
... print receipt that IT administrators have a standard integration with all leading wireless and NAC solutions through a flexible definition point, ClearPass Policy Manager. The username and password for a network offering public access, the process is restricted, visitors must first obtain...the guest account. A guest account may be provisioned by ClearPass Guest. 16 | Visitor Access Scenarios Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Visitor Access Scenarios The following figure shows the network connections and protocols used by a corporate operator such as might be...
W-ClearPass Guest 6.0 Deployment Guide
Page 17
The exact topology of the network and the connections made to it will depend on the type of the access points. Figure 3: Interactions involved in providing guest access. Figure 2: Reference network diagram for visitor ... visitors and the geographical layout of network access offered to access the visitor management features. Key Interactions The following figure shows the key interactions between ClearPass Guest and the people and other components involved in guest access Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Key Interactions | 17
The exact topology of the network and the connections made to it will depend on the type of the access points. Figure 3: Interactions involved in providing guest access. Figure 2: Reference network diagram for visitor ... visitors and the geographical layout of network access offered to access the visitor management features. Key Interactions The following figure shows the key interactions between ClearPass Guest and the people and other components involved in guest access Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Key Interactions | 17
W-ClearPass Guest 6.0 Deployment Guide
Page 18
... access scenario. If authentication is successful, the guest is provided to a user according to the following process: l The user connects to the network by associating with a local access point [1]. 18 | AAA Framework Dell Networking W-ClearPass Guest 6.0 | Deployment Guide RADIUS attributes that define a role's access permissions are assigned to a guest as part of authentication...
... access scenario. If authentication is successful, the guest is provided to a user according to the following process: l The user connects to the network by associating with a local access point [1]. 18 | AAA Framework Dell Networking W-ClearPass Guest 6.0 | Deployment Guide RADIUS attributes that define a role's access permissions are assigned to a guest as part of authentication...
W-ClearPass Guest 6.0 Deployment Guide
Page 21
...connects to the NAS device, a RADIUS access request is permitted to self-provisioned visitor accounts? Someone who is generated by the NAS. l How will manage reporting of interest? Should operators be provisioned? Such roles could include employee, guest, team member, or press. ClearPass... through your preparations for deploying a visitor management solution, you should consider the following : Dell Networking W-ClearPass Guest 6.0 | Deployment Guide ClearPass Guest Deployment Process | 21 Operator Database listing the guest accounts in terminal server. What privileges...
...connects to the NAS device, a RADIUS access request is permitted to self-provisioned visitor accounts? Someone who is generated by the NAS. l How will manage reporting of interest? Should operators be provisioned? Such roles could include employee, guest, team member, or press. ClearPass... through your preparations for deploying a visitor management solution, you should consider the following : Dell Networking W-ClearPass Guest 6.0 | Deployment Guide ClearPass Guest Deployment Process | 21 Operator Database listing the guest accounts in terminal server. What privileges...
W-ClearPass Guest 6.0 Deployment Guide
Page 22
...Different guest roles? What privileges will manage guest accounts? Network connectivity? Shared secret format? Enforce access via HTTPS? Who will be considered when setting up ClearPass Guest. Network Provisioning Physical location? Table 4: Site Preparation ...Time of network access? Security infrastructure? 22 | Site Preparation Checklist Dell Networking W-ClearPass Guest 6.0 | Deployment Guide rack space, power and cooling requirements; or deployment using virtualization l Network connectivity - VLAN selection, IP address, and hostname l Security infrastructure -...
...Different guest roles? What privileges will manage guest accounts? Network connectivity? Shared secret format? Enforce access via HTTPS? Who will be considered when setting up ClearPass Guest. Network Provisioning Physical location? Table 4: Site Preparation ...Time of network access? Security infrastructure? 22 | Site Preparation Checklist Dell Networking W-ClearPass Guest 6.0 | Deployment Guide rack space, power and cooling requirements; or deployment using virtualization l Network connectivity - VLAN selection, IP address, and hostname l Security infrastructure -...
W-ClearPass Guest 6.0 Deployment Guide
Page 58
Rename it as mac_byod and then add it to Customize > Fields and duplicate mac. Navigate to the 'create_user and guest_edit forms. In this example the account has a registered employee device under mac, and a registered BYOD device under mac_byod. This can be expanded if you create multiple MAC fields.
Rename it as mac_byod and then add it to Customize > Fields and duplicate mac. Navigate to the 'create_user and guest_edit forms. In this example the account has a registered employee device under mac, and a registered BYOD device under mac_byod. This can be expanded if you create multiple MAC fields.
W-ClearPass Guest 6.0 Deployment Guide
Page 65
...and IT-managed devices-Windows, Mac OS X, iOS and Android-across wired, wireless, and VPNs. About ClearPass Onboard This section provides important information about Dell Networking W-ClearPass Onboard. Dell Networking W-ClearPass Onboard automates 802.1X configuration and provisioning for Windows, Mac OS X, iOS, and Android devices... an enterprise network by creating the appropriate access credentials and setting up the network connection parameters. Accessing Onboard To access Dell Networking W-ClearPass Onboard's device provisioning features, click the Onboard link in the left navigation.
...and IT-managed devices-Windows, Mac OS X, iOS and Android-across wired, wireless, and VPNs. About ClearPass Onboard This section provides important information about Dell Networking W-ClearPass Onboard. Dell Networking W-ClearPass Onboard automates 802.1X configuration and provisioning for Windows, Mac OS X, iOS, and Android devices... an enterprise network by creating the appropriate access credentials and setting up the network connection parameters. Accessing Onboard To access Dell Networking W-ClearPass Onboard's device provisioning features, click the Onboard link in the left navigation.
W-ClearPass Guest 6.0 Deployment Guide
Page 71
... role should have an SSL certificate that is being re-provisioned and prompts the user to take a suitable action (such as connecting to the appropriate network). The Onboard server detects a device that is trusted by the provisioning network and the provisioned network: l...the network to restart the provisioning process and re-provision the device. For example, the user may choose to use the following guidelines: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Re-Provisioning a Device | 71 l When a user authenticates via PEAP with their device. Using Same SSID...
... role should have an SSL certificate that is being re-provisioned and prompts the user to take a suitable action (such as connecting to the appropriate network). The Onboard server detects a device that is trusted by the provisioning network and the provisioned network: l...the network to restart the provisioning process and re-provision the device. For example, the user may choose to use the following guidelines: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Re-Provisioning a Device | 71 l When a user authenticates via PEAP with their device. Using Same SSID...
W-ClearPass Guest 6.0 Deployment Guide
Page 72
...id=1. For example, if the Onboard server's hostname is onboard.example.com, the location of a certificate. l When a user connects to use PEAP, or another suitable authentication method. Configuring Certificate Revocation List (CRL) Onboard supports generating a Certificate Revocation List (CRL)...device provisioning page. As for the Onboard solution is shown in the following figure. 72 | Configuring Online Certificate Status Protocol Dell Networking W-ClearPass Guest 6.0 | Deployment Guide To configure a CRL, you will need to provide the URL of certificates that have limited ...
...id=1. For example, if the Onboard server's hostname is onboard.example.com, the location of a certificate. l When a user connects to use PEAP, or another suitable authentication method. Configuring Certificate Revocation List (CRL) Onboard supports generating a Certificate Revocation List (CRL)...device provisioning page. As for the Onboard solution is shown in the following figure. 72 | Configuring Online Certificate Status Protocol Dell Networking W-ClearPass Guest 6.0 | Deployment Guide To configure a CRL, you will need to provide the URL of certificates that have limited ...
W-ClearPass Guest 6.0 Deployment Guide
Page 80
... and used in the Header HTML text area: Please configure security and network settings on your Wi-Fi settings and connect to this URL will install the root certificate on the device provisioning page, edit the contents of the Onboard certificate authority...'s root certificate. Example: Install Onboard root certificate 80 | Using the {nwa_mdps_config} Template Function Dell Networking W-ClearPass Guest 6.0 | Deployment Guide To modify the instructions provided to the internal network. The default instructions are displayed to the user as...
... and used in the Header HTML text area: Please configure security and network settings on your Wi-Fi settings and connect to this URL will install the root certificate on the device provisioning page, edit the contents of the Onboard certificate authority...'s root certificate. Example: Install Onboard root certificate 80 | Using the {nwa_mdps_config} Template Function Dell Networking W-ClearPass Guest 6.0 | Deployment Guide To modify the instructions provided to the internal network. The default instructions are displayed to the user as...
W-ClearPass Guest 6.0 Deployment Guide
Page 81
... " on page 88) NOTE: For information on page 70. See "Configuring Basic Provisioning Settings " on page 118. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring the Certificate Authority | 81 The Certificate Authority Settings form opens. Example: Connect to Onboard > Certificate Authority Settings, or click the Certificate Authority Settings command link. Name wifi_ssid organization_name Description...
... " on page 88) NOTE: For information on page 70. See "Configuring Basic Provisioning Settings " on page 118. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring the Certificate Authority | 81 The Certificate Authority Settings form opens. Example: Connect to Onboard > Certificate Authority Settings, or click the Certificate Authority Settings command link. Name wifi_ssid organization_name Description...
W-ClearPass Guest 6.0 Deployment Guide
Page 111
... device when the user authorizes the device provisioning. 6. Use the Profile Signing text field to the user after they have provisioned their device. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Instructions for iOS and OS X Reconnect is left empty, the default text will be removed: l Always...X To edit the instruction text shown during initial configuration of an iOS 4 device if they attempt to provision their device while connected to an SSID that are shown to specify the display name of the following options from a particular source, and should only ...
... device when the user authorizes the device provisioning. 6. Use the Profile Signing text field to the user after they have provisioned their device. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Instructions for iOS and OS X Reconnect is left empty, the default text will be removed: l Always...X To edit the instruction text shown during initial configuration of an iOS 4 device if they attempt to provision their device while connected to an SSID that are shown to specify the display name of the following options from a particular source, and should only ...
W-ClearPass Guest 6.0 Deployment Guide
Page 112
...can use Smarty template functions. If this field is left empty, the default text will be reconnected to wait for Legacy OS X Devices Dell Networking W-ClearPass Guest 6.0 | Deployment Guide This duration must allow the device to be shown to then acknowledge the HTTP request. 5. This duration must... begin disconnected from the network. 3. When your entries are complete in the Advanced Settings row. Go to the provisioned network. In the Connect Success row, enter the text that will be displayed. 5. 3. In the Allow Manual Reconnect row, mark the check box if you ...
...can use Smarty template functions. If this field is left empty, the default text will be reconnected to wait for Legacy OS X Devices Dell Networking W-ClearPass Guest 6.0 | Deployment Guide This duration must allow the device to be shown to then acknowledge the HTTP request. 5. This duration must... begin disconnected from the network. 3. When your entries are complete in the Advanced Settings row. Go to the provisioned network. In the Connect Success row, enter the text that will be displayed. 5. 3. In the Allow Manual Reconnect row, mark the check box if you ...
W-ClearPass Guest 6.0 Deployment Guide
Page 118
...options related to include the Show Details, Edit, Disable or Enable, and Delete options. Specifies networking options used only by devices connecting to be used by the network. NOTE: Navigating between different tabs will be used . The modified settings are indicated with ... - To configure the network settings that will save the changes you click Create Network. 118 | Configuring Basic Network Access Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide The Network Access form opens with a "#" marker in the list. See "Configuring Device Authentication Settings...
...options related to include the Show Details, Edit, Disable or Enable, and Delete options. Specifies networking options used only by devices connecting to be used by the network. NOTE: Navigating between different tabs will be used . The modified settings are indicated with ... - To configure the network settings that will save the changes you click Create Network. 118 | Configuring Basic Network Access Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide The Network Access form opens with a "#" marker in the list. See "Configuring Device Authentication Settings...
W-ClearPass Guest 6.0 Deployment Guide
Page 120
...tab. If multiple networks are recommended when choosing the 802.1X authentication methods to provision: 120 | Configuring 802.1X Authentication Network Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide l The Android EAP option supports PEAP with MSCHAPv2, PEAP with GTC, TTLS with MSCHAPv2, TTLS with GTC... EAP-FAST. The System option can mark the Automatically join network check box to specify that the device should be automatically connected to the network when it is not selected on this form to specify the authentication methods required by all the students. Do...
...tab. If multiple networks are recommended when choosing the 802.1X authentication methods to provision: 120 | Configuring 802.1X Authentication Network Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide l The Android EAP option supports PEAP with MSCHAPv2, PEAP with GTC, TTLS with MSCHAPv2, TTLS with GTC... EAP-FAST. The System option can mark the Automatically join network check box to specify that the device should be automatically connected to the network when it is not selected on this form to specify the authentication methods required by all the students. Do...
W-ClearPass Guest 6.0 Deployment Guide
Page 125
... the proxy server settings in the Proxy Type drop-down list: l None - l Do one of these options in the Server and Server Port fields. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Proxy Settings | 125 l Click the Create Network button to make the new network configuration settings take effect n Click the Cancel...the following: n Click the Previous button to return to Onboard > VPN Settings, or click the VPN Settings command link. Configuring an iOS Device VPN Connection To configure the VPN settings that will be sent to a device, go to the Windows tab.
... the proxy server settings in the Proxy Type drop-down list: l None - l Do one of these options in the Server and Server Port fields. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Proxy Settings | 125 l Click the Create Network button to make the new network configuration settings take effect n Click the Cancel...the following: n Click the Previous button to return to Onboard > VPN Settings, or click the VPN Settings command link. Configuring an iOS Device VPN Connection To configure the VPN settings that will be sent to a device, go to the Windows tab.
W-ClearPass Guest 6.0 Deployment Guide
Page 126
... using a client certificate. 126 | Configuring an iOS Device VPN Connection Dell Networking W-ClearPass Guest 6.0 | Deployment Guide l IPSec - This option requires configuring your organization's name in the PPTP Connection Settings section of the form. Mark the Add this VPN connection. For example, use "ACME Sprockets VPN". Connection uses the Point-to-Point Tunneling Protocol. Complete the fields...
... using a client certificate. 126 | Configuring an iOS Device VPN Connection Dell Networking W-ClearPass Guest 6.0 | Deployment Guide l IPSec - This option requires configuring your organization's name in the PPTP Connection Settings section of the form. Mark the Add this VPN connection. For example, use "ACME Sprockets VPN". Connection uses the Point-to-Point Tunneling Protocol. Complete the fields...
W-ClearPass Guest 6.0 Deployment Guide
Page 127
...iOS device. A proxy server will be configured with this VPN profile. l Automatic - Click the Save Changes button to save the VPN connection profile and return to Onboard > Exchange ActiveSync, or click the Exchange ActiveSync command link. Other platforms are not supported. No proxy server ... is required to access this VPN profile. Specify the location of these options in the Proxy Setup drop-down list: l None - Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring an iOS Device Email Account | 127 An optional group name may specify the username and password using the...
...iOS device. A proxy server will be configured with this VPN profile. l Automatic - Click the Save Changes button to save the VPN connection profile and return to Onboard > Exchange ActiveSync, or click the Exchange ActiveSync command link. Other platforms are not supported. No proxy server ... is required to access this VPN profile. Specify the location of these options in the Proxy Setup drop-down list: l None - Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring an iOS Device Email Account | 127 An optional group name may specify the username and password using the...