W-ClearPass Guest 6.0 Deployment Guide
Page 6
... Settings Automatically 122 Configuring Trust Settings Manually 123 Configuring Windows-Specific Network Settings 124 Configuring Proxy Settings 125 Configuring an iOS Device VPN Connection 125 Configuring an iOS Device Email Account 127 Configuring an iOS Device Passcode Policy 129 Resetting Onboard Certificates and Configuration 130 Onboard Troubleshooting ...a Field 147 Displaying Views that Use a Field 147 Customizing AirGroup Registration Forms 147 Configuring the Shared Locations and Shared Role Fields 147 6| Dell Networking W-ClearPass Guest 6.0 | Deployment Guide
... Settings Automatically 122 Configuring Trust Settings Manually 123 Configuring Windows-Specific Network Settings 124 Configuring Proxy Settings 125 Configuring an iOS Device VPN Connection 125 Configuring an iOS Device Email Account 127 Configuring an iOS Device Passcode Policy 129 Resetting Onboard Certificates and Configuration 130 Onboard Troubleshooting ...a Field 147 Displaying Views that Use a Field 147 Customizing AirGroup Registration Forms 147 Configuring the Shared Locations and Shared Role Fields 147 6| Dell Networking W-ClearPass Guest 6.0 | Deployment Guide
W-ClearPass Guest 6.0 Deployment Guide
Page 9
...Authentication Servers Creating an LDAP Server Advanced LDAP URL Syntax Viewing the LDAP Server List LDAP Operator Server Troubleshooting Testing Connectivity Testing Operator Login Authentication Looking Up Sponsor Names Troubleshooting Error Messages LDAP Translation Rules Custom LDAP Translation Processing Operator Logins... Automatic Logout Reference Basic HTML Syntax Standard HTML Styles Smarty Template Syntax Basic Template Syntax Text Substitution Template File Inclusion Dell Networking W-ClearPass Guest 6.0 | Deployment Guide 233 234 234 236 237 238 239 239 241 241 241 242 242 242 245 ...
...Authentication Servers Creating an LDAP Server Advanced LDAP URL Syntax Viewing the LDAP Server List LDAP Operator Server Troubleshooting Testing Connectivity Testing Operator Login Authentication Looking Up Sponsor Names Troubleshooting Error Messages LDAP Translation Rules Custom LDAP Translation Processing Operator Logins... Automatic Logout Reference Basic HTML Syntax Standard HTML Styles Smarty Template Syntax Basic Template Syntax Text Substitution Template File Inclusion Dell Networking W-ClearPass Guest 6.0 | Deployment Guide 233 234 234 236 237 238 239 239 241 241 241 242 242 242 245 ...
W-ClearPass Guest 6.0 Deployment Guide
Page 16
... this scenario, visitors are using their username and password for a selfprovisioned guest account may be provisioned by ClearPass Guest. 16 | Visitor Access Scenarios Dell Networking W-ClearPass Guest 6.0 | Deployment Guide A guest account may be the case for a network offering public access, ...ClearPass Guest integrates with the network security framework, but does not require a corporate operator to access a corporate wireless network. Because access to the visitor's Web browser, or sent via SMS or email. Visitor Access Scenarios The following figure shows the network connections...
... this scenario, visitors are using their username and password for a selfprovisioned guest account may be provisioned by ClearPass Guest. 16 | Visitor Access Scenarios Dell Networking W-ClearPass Guest 6.0 | Deployment Guide A guest account may be the case for a network offering public access, ...ClearPass Guest integrates with the network security framework, but does not require a corporate operator to access a corporate wireless network. Because access to the visitor's Web browser, or sent via SMS or email. Visitor Access Scenarios The following figure shows the network connections...
W-ClearPass Guest 6.0 Deployment Guide
Page 17
Key Interactions The following figure shows the key interactions between ClearPass Guest and the people and other components involved in guest access Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Key Interactions | 17 Figure 3: Interactions involved in providing guest access. Figure 2: Reference network diagram for visitor access The network administrator, ...visitors and the geographical layout of network access offered to access the visitor management features. The exact topology of the network and the connections made to it will depend on the type of the access points.
Key Interactions The following figure shows the key interactions between ClearPass Guest and the people and other components involved in guest access Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Key Interactions | 17 Figure 3: Interactions involved in providing guest access. Figure 2: Reference network diagram for visitor access The network administrator, ...visitors and the geographical layout of network access offered to access the visitor management features. The exact topology of the network and the connections made to it will depend on the type of the access points.
W-ClearPass Guest 6.0 Deployment Guide
Page 18
... to authenticate the username and password provided by a guest logging in to the network. The following process: l The user connects to the network by associating with a local access point [1]. 18 | AAA Framework Dell Networking W-ClearPass Guest 6.0 | Deployment Guide If authentication is successful, the guest is provided to a user according to the following figure...
... to authenticate the username and password provided by a guest logging in to the network. The following process: l The user connects to the network by associating with a local access point [1]. 18 | AAA Framework Dell Networking W-ClearPass Guest 6.0 | Deployment Guide If authentication is successful, the guest is provided to a user according to the following figure...
W-ClearPass Guest 6.0 Deployment Guide
Page 21
... should be responsible for deploying a visitor management solution, you should consider the following : Dell Networking W-ClearPass Guest 6.0 | Deployment Guide ClearPass Guest Deployment Process | 21 Network Provisioning Deploying ClearPass Guest requires provisioning the following areas: l Management decisions about security policy l Decisions about ... a user interface or database, a single item of editable fields displayed to an operator. When a user connects to access the Internet through your preparations for managing guest accounts? Someone who is permitted to the NAS device...
... should be responsible for deploying a visitor management solution, you should consider the following : Dell Networking W-ClearPass Guest 6.0 | Deployment Guide ClearPass Guest Deployment Process | 21 Network Provisioning Deploying ClearPass Guest requires provisioning the following areas: l Management decisions about security policy l Decisions about ... a user interface or database, a single item of editable fields displayed to an operator. When a user connects to access the Internet through your preparations for managing guest accounts? Someone who is permitted to the NAS device...
W-ClearPass Guest 6.0 Deployment Guide
Page 22
...guest accounts? Shared secret format? Time of the items that should be responsible for operators? or deployment using virtualization l Network connectivity - Network connectivity? l Physical location - SSL certificate Site Preparation Checklist The following is a checklist of day access? Operational...; Different guest roles? Enforce access via HTTPS? Who will be considered when setting up ClearPass Guest. Network Management Policy Password format for guest accounts? Operator provisioning? Network Provisioning Physical location? Security infrastructure? ...
...guest accounts? Shared secret format? Time of the items that should be responsible for operators? or deployment using virtualization l Network connectivity - Network connectivity? l Physical location - SSL certificate Site Preparation Checklist The following is a checklist of day access? Operational...; Different guest roles? Enforce access via HTTPS? Who will be considered when setting up ClearPass Guest. Network Management Policy Password format for guest accounts? Operator provisioning? Network Provisioning Physical location? Security infrastructure? ...
W-ClearPass Guest 6.0 Deployment Guide
Page 58
Rename it as mac_byod and then add it to Customize > Fields and duplicate mac. This can be expanded if you create multiple MAC fields. Navigate to the 'create_user and guest_edit forms. In this example the account has a registered employee device under mac, and a registered BYOD device under mac_byod.
Rename it as mac_byod and then add it to Customize > Fields and duplicate mac. This can be expanded if you create multiple MAC fields. Navigate to the 'create_user and guest_edit forms. In this example the account has a registered employee device under mac, and a registered BYOD device under mac_byod.
W-ClearPass Guest 6.0 Deployment Guide
Page 65
...unique device credentials for use on a specific user's device. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Onboard | 65 About ClearPass Onboard This section provides important information about Dell Networking W-ClearPass Onboard. Dell Networking W-ClearPass Onboard automates 802.1X configuration and provisioning for Windows, Mac ... the appropriate access credentials and setting up the network connection parameters. Accessing Onboard To access Dell Networking W-ClearPass Onboard's device provisioning features, click the Onboard link in the left navigation.
...unique device credentials for use on a specific user's device. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Onboard | 65 About ClearPass Onboard This section provides important information about Dell Networking W-ClearPass Onboard. Dell Networking W-ClearPass Onboard automates 802.1X configuration and provisioning for Windows, Mac ... the appropriate access credentials and setting up the network connection parameters. Accessing Onboard To access Dell Networking W-ClearPass Onboard's device provisioning features, click the Onboard link in the left navigation.
W-ClearPass Guest 6.0 Deployment Guide
Page 71
... control of the network administrator, it is being re-provisioned and prompts the user to take a suitable action (such as connecting to the device provisioning page. This enables re-provisioning to occur on a separate network, use the following guidelines: l Configure...a provisioning role. For example, the user may choose to support both provisioned and non-provisioned devices, use the following guidelines: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Re-Provisioning a Device | 71 Using Different SSID for Provisioning and Provisioned Networks To configure a single ...
... control of the network administrator, it is being re-provisioned and prompts the user to take a suitable action (such as connecting to the device provisioning page. This enables re-provisioning to occur on a separate network, use the following guidelines: l Configure...a provisioning role. For example, the user may choose to support both provisioned and non-provisioned devices, use the following guidelines: Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Re-Provisioning a Device | 71 Using Different SSID for Provisioning and Provisioned Networks To configure a single ...
W-ClearPass Guest 6.0 Deployment Guide
Page 72
... For example, if the Onboard server's hostname is shown in the following figure. 72 | Configuring Online Certificate Status Protocol Dell Networking W-ClearPass Guest 6.0 | Deployment Guide This URL can be constructed by using the relative path mdps_ocsp.php/1. n For PEAP authentication with... Onboard server's hostname is : http://onboard.example.com/mdps_crl.php?id=1. n In all other cases, deny access. l When a user connects to provide a real-time check on the type of a certificate. l Configure the provisioning SSID to use HTTP. Configuring Certificate Revocation List...
... For example, if the Onboard server's hostname is shown in the following figure. 72 | Configuring Online Certificate Status Protocol Dell Networking W-ClearPass Guest 6.0 | Deployment Guide This URL can be constructed by using the relative path mdps_ocsp.php/1. n For PEAP authentication with... Onboard server's hostname is : http://onboard.example.com/mdps_crl.php?id=1. n In all other cases, deny access. l When a user connects to provide a real-time check on the type of a certificate. l Configure the provisioning SSID to use HTTP. Configuring Certificate Revocation List...
W-ClearPass Guest 6.0 Deployment Guide
Page 80
...properties, use the {nwa_mdps_config} Smarty template function. Example: Install Onboard root certificate 80 | Using the {nwa_mdps_config} Template Function Dell Networking W-ClearPass Guest 6.0 | Deployment Guide The default instructions are displayed to the user as: This corresponds to the following text prepopulated ... authority's root certificate. To modify the instructions provided to users on your Wi-Fi settings and connect to SSID: {nwa_mdps_config name=wifi_ssid} Using the {nwa_mdps_config} Template Function Certain properties can be returned, as part of ...
...properties, use the {nwa_mdps_config} Smarty template function. Example: Install Onboard root certificate 80 | Using the {nwa_mdps_config} Template Function Dell Networking W-ClearPass Guest 6.0 | Deployment Guide The default instructions are displayed to the user as: This corresponds to the following text prepopulated ... authority's root certificate. To modify the instructions provided to users on your Wi-Fi settings and connect to SSID: {nwa_mdps_config name=wifi_ssid} Using the {nwa_mdps_config} Template Function Certain properties can be returned, as part of ...
W-ClearPass Guest 6.0 Deployment Guide
Page 81
...) NOTE: For information on page 70. See "Configuring Basic Provisioning Settings " on page 118. The Certificate Authority Settings form opens. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring the Certificate Authority | 81 Example: Connect to Onboard > Certificate Authority Settings, or click the Certificate Authority Settings command link. Example: Welcome to {nwa_mdps_config name=organization_name} Configuring...
...) NOTE: For information on page 70. See "Configuring Basic Provisioning Settings " on page 118. The Certificate Authority Settings form opens. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring the Certificate Authority | 81 Example: Connect to Onboard > Certificate Authority Settings, or click the Certificate Authority Settings command link. Example: Welcome to {nwa_mdps_config name=organization_name} Configuring...
W-ClearPass Guest 6.0 Deployment Guide
Page 111
...Go to Onboard > Provisioning Settings, click the iOS & OS X tab, and scroll to sign the configuration profile. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Instructions for iOS and OS X devices: 1. The user may remove the device ...provisioning profile if they provision their device. Use the Profile Signing text field to specify the display name of the certificate used to the user after they have provisioned their device while connected...
...Go to Onboard > Provisioning Settings, click the iOS & OS X tab, and scroll to sign the configuration profile. Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Instructions for iOS and OS X devices: 1. The user may remove the device ...provisioning profile if they provision their device. Use the Profile Signing text field to specify the display name of the certificate used to the user after they have provisioned their device while connected...
W-ClearPass Guest 6.0 Deployment Guide
Page 112
.... If this tab, click Save Changes. In the Disconnect Delay row, enter the duration in seconds for Legacy OS X Devices Dell Networking W-ClearPass Guest 6.0 | Deployment Guide In the Reconnect Delay row, enter the duration in the Advanced Settings row. This duration must allow ...will be displayed. Configuring Provisioning Settings for the client to wait after a reconnect attempt, regardless of success or failure. 3. In the Connect Failure row, enter the text that will be shown after sending a disconnect request to the Web server before begin disconnected from the ...
.... If this tab, click Save Changes. In the Disconnect Delay row, enter the duration in seconds for Legacy OS X Devices Dell Networking W-ClearPass Guest 6.0 | Deployment Guide In the Reconnect Delay row, enter the duration in the Advanced Settings row. This duration must allow ...will be displayed. Configuring Provisioning Settings for the client to wait after a reconnect attempt, regardless of success or failure. 3. In the Connect Failure row, enter the text that will be shown after sending a disconnect request to the Web server before begin disconnected from the ...
W-ClearPass Guest 6.0 Deployment Guide
Page 118
...Details, Edit, Disable or Enable, and Delete options. All networks that will save the changes you click Create Network. 118 | Configuring Basic Network Access Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Specifies networking options used for the network. The row expands to mutual authentication. To create a new network, click the Create ...different tabs will be used for device provisioning are not modified until you have been provisioned are used . The settings used only by devices connecting to devices, click the network's Edit link.
...Details, Edit, Disable or Enable, and Delete options. All networks that will save the changes you click Create Network. 118 | Configuring Basic Network Access Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Specifies networking options used for the network. The row expands to mutual authentication. To create a new network, click the Create ...different tabs will be used for device provisioning are not modified until you have been provisioned are used . The settings used only by devices connecting to devices, click the network's Edit link.
W-ClearPass Guest 6.0 Deployment Guide
Page 120
...profile to individual user profiles-for example, where an iMac in settings where the device has several users and a single profile might be connected automatically. l The Windows EAP option supports PEAP with MSCHAPv2 and TLS. l The iOS & OS X EAP option supports TLS, TTLS,...to provision: 120 | Configuring 802.1X Authentication Network Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide The System option can mark the Automatically join network check box to specify that the device should be automatically connected to the Protocols tab. To create a system profile, ...
...profile to individual user profiles-for example, where an iMac in settings where the device has several users and a single profile might be connected automatically. l The Windows EAP option supports PEAP with MSCHAPv2 and TLS. l The iOS & OS X EAP option supports TLS, TTLS,...to provision: 120 | Configuring 802.1X Authentication Network Settings Dell Networking W-ClearPass Guest 6.0 | Deployment Guide The System option can mark the Automatically join network check box to specify that the device should be automatically connected to the Protocols tab. To create a system profile, ...
W-ClearPass Guest 6.0 Deployment Guide
Page 125
...Proxy tab to the main Onboard configuration user interface. Specify the location of these options in the Proxy Type drop-down list: l None - Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Proxy Settings | 125 l Manual - Create Network button to make the new network configuration settings take effect ... VPN Settings page opens. Specify the proxy server settings in the PAC URL text field. Configuring an iOS Device VPN Connection To configure the VPN settings that will be sent to a device, go to the Windows tab. No proxy server will be configured.
...Proxy tab to the main Onboard configuration user interface. Specify the location of these options in the Proxy Type drop-down list: l None - Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Proxy Settings | 125 l Manual - Create Network button to make the new network configuration settings take effect ... VPN Settings page opens. Specify the proxy server settings in the PAC URL text field. Configuring an iOS Device VPN Connection To configure the VPN settings that will be sent to a device, go to the Windows tab. No proxy server will be configured.
W-ClearPass Guest 6.0 Deployment Guide
Page 126
...certificate. 126 | Configuring an iOS Device VPN Connection Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Complete the fields shown in the L2TP Connection Settings section of device provisioning. Complete the fields shown in the IPSec Connection Settings section of the form. This option requires... a VPN infrastructure and want to automatically provide the secure connection settings to automatically configure virtual private networking (VPN) settings on the device in the Display Name field. NOTE: ClearPass Onboard VPN settings can only be displayed on the iOS ...
...certificate. 126 | Configuring an iOS Device VPN Connection Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Complete the fields shown in the L2TP Connection Settings section of device provisioning. Complete the fields shown in the IPSec Connection Settings section of the form. This option requires... a VPN infrastructure and want to automatically provide the secure connection settings to automatically configure virtual private networking (VPN) settings on the device in the Display Name field. NOTE: ClearPass Onboard VPN settings can only be displayed on the iOS ...
W-ClearPass Guest 6.0 Deployment Guide
Page 127
...VPN profile. A proxy server will be configured with this VPN profile. Click the Save Changes button to save the VPN connection profile and return to establish the IPSec VPN. Configuring an iOS Device Email Account To configure the Exchange ActiveSync settings that... - Use this VPN profile. An optional group name may specify the username and password using the Authentication and Password text fields. l Automatic - Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring an iOS Device Email Account | 127 A shared secret (pre-shared key) is performed with iOS 4 and ...
...VPN profile. A proxy server will be configured with this VPN profile. Click the Save Changes button to save the VPN connection profile and return to establish the IPSec VPN. Configuring an iOS Device Email Account To configure the Exchange ActiveSync settings that... - Use this VPN profile. An optional group name may specify the username and password using the Authentication and Password text fields. l Automatic - Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring an iOS Device Email Account | 127 A shared secret (pre-shared key) is performed with iOS 4 and ...