ClearPass Guest 3.9 Deployment Guide
10 | ClearPass Guest 3.9 | Deployment GuideDelete a Report ...
100 |Onboard ClearPass Guest 3.9 | Deployment Guide Click the Previous button to return to the Access tab. Click the Next button to continue to the
ClearPass Guest 3.9 | Deployment Guide Onboard | 101In the Trusted Certificates row, mark the check box for each server certificate that the client s
102 |Onboard ClearPass Guest 3.9 | Deployment Guide take effect. Click the Cancel button to discard your changes and return to the main Onboard confi
ClearPass Guest 3.9 | Deployment Guide Onboard | 103Select one of these options in the Proxy Type drop-down list: None – No proxy server will be con
104 |Onboard ClearPass Guest 3.9 | Deployment Guide The Instructions text field can be used to provide more information or instructions to an iOS or O
ClearPass Guest 3.9 | Deployment Guide Onboard | 105Mark the Add this VPN to the device profile check box to enable provisioning of VPN settings.The
106 |Onboard ClearPass Guest 3.9 | Deployment Guide Shared Secret / Group Name – An optional group name may be specified. A shared secret (pre-share
ClearPass Guest 3.9 | Deployment Guide Onboard | 107Mark the Add this ActiveSync configuration to the device profile check box to enable email accoun
108 |Onboard ClearPass Guest 3.9 | Deployment Guide In the Sync Settings group, choose one of the following options from the Days of Mail drop-down li
ClearPass Guest 3.9 | Deployment Guide Onboard | 109To enable the passcode policy on all iOS devices, mark the Enable passcode policy check box and c
ClearPass Guest 3.9 | Deployment Guide | 11Network Diagnostics – Packet Capturing ...372Network Hosts
110 |Onboard ClearPass Guest 3.9 | Deployment Guide Resetting Onboard Certificates and ConfigurationTo delete certificates, re-create the Onboard Web
ClearPass Guest 3.9 | Deployment Guide Onboard | 111Note: This is a vendor-specific attribute with vendor ID 14823. If the RADIUS server responds wit
112 |Onboard ClearPass Guest 3.9 | Deployment Guide iOS Device Provisioning FailuresSymptom: Device provisioning fails on iOS with the message “The s
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 113Chapter 5RADIUS ServicesRADIUS is a network access-control protocol that verifies and auth
114 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Log entries that are displayed include both successful and unsuccessful authentication at
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 115Each row in the table groups together authentication attempts based on the username (that
116 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide The NAS Type list may be used to select a default type for network access servers. Use th
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 117Example: Removing a User-Name SuffixSome NAS equipment always appends a realm in the form
118 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide User roles can be used to apply different security policies to different classes of guest
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 1192. In the Role Name field, enter a brief descriptive name for the role—for example, if yo
12 | ClearPass Guest 3.9 | Deployment GuideChapter 10 Hotspot Manager...
120 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Enter a value for this attribute in the Value field. For integer enumerated attributes, c
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 121Example: Time of Day ConditionsIn this example, the Reply-Message attribute will be modif
122 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide 2. Click the Add Attribute tab.3. Select the Reply-Message attribute from the drop-down
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 123Example: Location-Specific VLAN AssignmentIn this example, the value of a vendor-specific
124 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide 3. Complete the Role Override, Expiration, Device Limit, account Limit, and Limit Action
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 125Creating a Network Access Server EntryA new NAS device is added by clicking on the Creat
126 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Motorola (RFC 3576 support) Ruckus Networks Trapeze Networks (RFC 3576 support) Tren
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 127Select the Force first row as header row check box if your data contains a header row tha
128 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide .Select the NAS entries to be created or updated with the imported data. The icon display
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 129Figure 17 Sequence diagram for guest captive portal and Web loginIn a typical configurat
ClearPass Guest 3.9 | Deployment Guide | 13Comments...
130 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide The first section requires that you enter a name for this login page, as well as an optio
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 131The second section requires you to specify the behavior of the Web login form. There may
132 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide When the Web login form is submitted, the username and password are submitted to the NAS
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 133The fifth section allows you to control the look and feel of the login page. Use the Inse
134 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide The ‘Allowed Access’ and ‘Denied Access’ fields are access control lists that determine i
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 135This will in turn result in a hidden field included in the Web login form. The field will
136 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide To access the value of a remembered field called “wlan”, use the syntax:{$extra_fields.wl
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 137Also if the user chooses to cancel the Web sheet, the Wi-Fi connection to the Open networ
138 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Figure 20 Captive Network Assistant on iPhoneThe Web sheet can be easily identified by t
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 139The following CLI and WebUI examples show a typical configuration of the Captive Portal p
14 | ClearPass Guest 3.9 | Deployment GuideForm Field Conversion Functions ...475Form Fiel
140 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Figure 22 Configuring the Web Login page For example, a Captive Portal profile login pag
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 141Database Maintenance TasksDatabase optimization and other maintenance tasks can be perfor
142 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide The dictionary can be sorted by clicking on a column heading.Import DictionaryYou are abl
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 1433. Click the Reset Dictionary button to have the dictionary reset. This action cannot be
144 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Vendor-Specific AttributesVendor-specific attributes identify configuration items specifi
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 145Once an attribute has been edited, click the Update Attribute button to save your change
146 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide You are required to enter the name of the value to be added as well as its value. Values
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 147To specify supported EAP types and the default type, and to configure OCSP options, see
148 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide 2. In the Supported EAP Types row, mark the check box for each type the RADIUS server sho
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 149RADIUS Server Certificate form is displayed. The unique set of identifying details you en
ClearPass Guest 3.9 | Deployment Guide | 15FiguresFigure 1 Visitor access using ClearPass Guest...
150 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Signing RADIUS Server CertificateFor a client to verify that the RADIUS server’s identity
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 151Complete the details for the certificate, and click the Download Request button to save
152 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide A digital certificate may be imported from either the PKCS#12 format, which is a single f
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 1532. Select the appropriate PEAP options in the EAP Configuration form, as shown below:3. C
154 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide 1. Open the .p7b file from Windows Explorer:2. Select the certificate in the list. Right-
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 1555. Click the Browse button to select the Trusted Root Certification Authorities store. 6.
156 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide 7. Click Finish. A security warning reminds you that if you install the certificate, all
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 157.Active Directory Domain ServicesTo perform certain types of user authentication, such as
158 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Joining an Active Directory DomainTo start the two-step process to join the domain, click
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 159Use the Edit Settings link at the top of this page if any of the automatically detected
16 | ClearPass Guest 3.9 | Deployment GuideFigure 45 Reporting – Bin statistics with groups...
160 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide The following options are available in the Authentication drop-down list: MS-CHAPv2 – En
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 161Provide these credentials in the Leave Active Directory Domain form and click the Leave
162 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Managing External Authentication ServersTo view the list of external RADIUS authenticatio
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 163The top part of the form contains basic properties for the external authentication server
164 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide . NetBIOS Domain – automatically detected when joining the domain. LDAP Server and Port
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 165To authorize all users in Active Directory, regardless of the individual user account set
166 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide timelimit = 3The number of seconds the LDAP server has to process the query (server-side
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 167 LDAP Server and Port Number – the hostname or IP address of the LDAP server, with the c
168 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Base DN – the LDAP distinguished name of the root of the search tree. This is typically
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 169To configure the authorization method for a Proxy RADIUS external authentication server,
ClearPass Guest 3.9 | Deployment Guide | 17TablesTable 1 Quick Links ...
170 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Configuring Authorization for External Authentication Servers The level of authorized acc
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 171 Use PHP code to assign a user role (Advanced) may be used to control the mapping betwee
172 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Use role assigned to local user is the only authorization method available for the loca
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 173 With authorization method Assign a fixed user role:Sending Access-Request of id 122 to
174 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide For example, to implement the following configuration: Members of the Domain Admins grou
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 175Testing a Local Certificate Authority EAS For Local Certificate Authority external authen
176 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide If you selected Separate certificate and key files (.pem, .cer, .crt ) for the TLS identi
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 177The list displays the certificates that have been installed. By default, the list is empt
178 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide
ClearPass Guest 3.9 | Deployment Guide Operator Logins | 179Chapter 6Operator LoginsAn operator is a company’s staff member who is able to log in to C
18 | ClearPass Guest 3.9 | Deployment GuideTable 43 Date and Time Format Strings...
180 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Figure 23 Operator profiles and visitor access control See “About Operator Logins” in
ClearPass Guest 3.9 | Deployment Guide Operator Logins | 181The fields in the first area of the form identify the operator profile and capture any op
182 | Operator Logins ClearPass Guest 3.9 | Deployment Guide For each permission, you may grant No Access, Read Only Access, Full Access, or Custom ac
ClearPass Guest 3.9 | Deployment Guide Operator Logins | 183If one or more roles are selected, then only those roles will be available for the operat
184 | Operator Logins ClearPass Guest 3.9 | Deployment Guide The user can enter a simple substring to match a portion of the username or any other fie
ClearPass Guest 3.9 | Deployment Guide Operator Logins | 185operator profile, choose a page from the drop-down list. For example, if a profile is des
186 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Operator Profile PrivilegesThe privilege selections available for an operator profile pro
ClearPass Guest 3.9 | Deployment Guide Operator Logins | 187Local Operator AuthenticationLocal operators are those defined in ClearPass Guest. Creati
188 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Any properties for the operator login that are set to (Default) are taken from the operat
ClearPass Guest 3.9 | Deployment Guide Operator Logins | 189The Operator Logins list opens. When you click an operator login entry in the Operator Lo
ClearPass Guest 3.9 | Deployment Guide ClearPass Guest | 19Chapter 1ClearPass Guest Collaboration between companies and mobility of staff has never be
190 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Changing Operator PasswordsTo change the password for an operator, edit the operator logi
ClearPass Guest 3.9 | Deployment Guide Operator Logins | 191To specify a basic LDAP server connection (hostname and optional port number), use a Serv
192 | Operator Logins ClearPass Guest 3.9 | Deployment Guide This form allows you to specify the type of LDAP server your system will use. Click the S
ClearPass Guest 3.9 | Deployment Guide Operator Logins | 193Once you have completed the form, check your settings by clicking the Test Settings butt
194 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Ping—Sends a ping message (echo request) to the LDAP server to verify connectivity betw
ClearPass Guest 3.9 | Deployment Guide Operator Logins | 195You can also verify operator authentication when you create a new LDAP server configurati
196 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Verify that the Bind DN is correct – the correct DN will depend on the structure of you
ClearPass Guest 3.9 | Deployment Guide Operator Logins | 197 greater than – numerical value is greater than the match value starts with – case-inse
198 | Operator Logins ClearPass Guest 3.9 | Deployment Guide To edit the matching rule list, select an entry in the table to display a menu that lets
ClearPass Guest 3.9 | Deployment Guide Operator Logins | 199For example, to permit non-administrator users to access the system only between the hour
www.arubanetworks.com1344 Crossman AvenueSunnyvale, California 94089Phone: 408.227.4500Fax 408.227.4550ClearPass Guest 3.9.2|Deployment Guide 0511112-
20 |ClearPass Guest ClearPass Guest 3.9 | Deployment Guide Documentation OverviewClick the context-sensitive Help link displayed at the top right of
200 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Operator Logins ConfigurationYou are able to configure a message on the login screen that
ClearPass Guest 3.9 | Deployment Guide Operator Logins | 201 <a href="http://www.arubanetworks.com/">contactando con Aruba Networks&l
202 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Advanced Operator Login Options The following options are available in the Logging drop-d
ClearPass Guest 3.9 | Deployment Guide Guest Management | 203Chapter 7Guest ManagementThe ability to easily create and manage guest accounts is the pr
204 | Guest Management ClearPass Guest 3.9 | Deployment Guide Sponsored Guest AccessThe following figure shows the process of sponsored guest access.
ClearPass Guest 3.9 | Deployment Guide Guest Management | 205registration page, where the guest creates a new account. At the conclusion of the regis
206 | Guest Management ClearPass Guest 3.9 | Deployment Guide To complete the form, first enter the visitor’s details into the Sponsor’s Name, Visitor
ClearPass Guest 3.9 | Deployment Guide Guest Management | 207To print a receipt for the visitor, select an appropriate template from the Open print
208 | Guest Management ClearPass Guest 3.9 | Deployment Guide To complete the form, you must enter the number of visitor accounts you want to create.A
ClearPass Guest 3.9 | Deployment Guide Guest Management | 209 Lifetime – the account lifetime in minutes, or N/A if the account does not have a life
ClearPass Guest 3.9 | Deployment Guide ClearPass Guest | 21 Chapter 11, “High Availability Services” describes the optional high availability servi
210 | Guest Management ClearPass Guest 3.9 | Deployment Guide 2. In the Number of Accounts field, enter the number of accounts you wish to create. 3.
ClearPass Guest 3.9 | Deployment Guide Guest Management | 211Managing Guest AccountsUse the Guest Manager Accounts list view to work with individual
212 | Guest Management ClearPass Guest 3.9 | Deployment Guide You can use the Filter field to narrow the search parameters. You may enter a simple sub
ClearPass Guest 3.9 | Deployment Guide Guest Management | 213Click the Update Account button to reset the guest account’s password. A new account r
214 | Guest Management ClearPass Guest 3.9 | Deployment Guide Click the Update Account button to update the properties of the guest account. A new a
ClearPass Guest 3.9 | Deployment Guide Guest Management | 215You can use the Filter field to narrow the search parameters. You may enter a simple sub
216 | Guest Management ClearPass Guest 3.9 | Deployment Guide Use the selection row at the top of the table to work with the current set of selected a
ClearPass Guest 3.9 | Deployment Guide Guest Management | 217.To complete the form, you must either specify a file containing account information, or
218 | Guest Management ClearPass Guest 3.9 | Deployment Guide In this example, the following data was used:username,visitor_name,password,expire_timed
ClearPass Guest 3.9 | Deployment Guide Guest Management | 219Click the Next Step button to preview the final result.Step 3 of 3 displays a preview
22 |ClearPass Guest ClearPass Guest 3.9 | Deployment Guide If You Need More AssistanceIf you encounter a problem using ClearPass Guest, your first ste
220 | Guest Management ClearPass Guest 3.9 | Deployment Guide Exporting Guest Account InformationGuest account information may be exported to a file i
ClearPass Guest 3.9 | Deployment Guide Guest Management | 221 SMS and email receipts – Include a short text message with your guest’s username and p
222 | Guest Management ClearPass Guest 3.9 | Deployment Guide Username Length –This field is displayed if the Username Type is set to “Random digits
ClearPass Guest 3.9 | Deployment Guide Guest Management | 223Figure 27 Customize Guest Manager page (part 2)—continued Expire Action – Default acti
224 | Guest Management ClearPass Guest 3.9 | Deployment Guide Figure 28 Customize Guest Manager page (part 3)—continued Lifetime Options – Default v
ClearPass Guest 3.9 | Deployment Guide Guest Management | 225 Password Display – Select the “View guest account passwords” to enable the display of
226 | Guest Management ClearPass Guest 3.9 | Deployment Guide modify_password: This field controls password modification for the visitor account. It
ClearPass Guest 3.9 | Deployment Guide Guest Management | 227Visitor Account Expiration Properties do_expire, modify_expire_time, expire_after and e
228 | Guest Management ClearPass Guest 3.9 | Deployment Guide “Logout” indicates that a RADIUS Disconnect-Request will be used for all active sessions
ClearPass Guest 3.9 | Deployment Guide Guest Management | 229These forms are accessed directly: create_multi form – multiple account creation crea
ClearPass Guest 3.9 | Deployment Guide Management Overview | 23Chapter 2Management OverviewThis section explains the terms, concepts, processes, and e
230 | Guest Management ClearPass Guest 3.9 | Deployment Guide A complete list of fields is displayed when you click the Fields command link on the Cus
ClearPass Guest 3.9 | Deployment Guide Guest Management | 231You can specify the default properties to use when adding the field to a form. See “Vie
232 | Guest Management ClearPass Guest 3.9 | Deployment Guide Displaying Views that Use a FieldYou are able to click the Show Views link to see a li
ClearPass Guest 3.9 | Deployment Guide Guest Management | 233Duplicating Forms and ViewsClick the Duplicate link to make a copy of a form or view.
234 | Guest Management ClearPass Guest 3.9 | Deployment Guide Form fields have a rank number, which specifies the relative ordering of the fields when
ClearPass Guest 3.9 | Deployment Guide Guest Management | 235Each field can only appear once on a form. The Field Name selects which underlying field
236 | Guest Management ClearPass Guest 3.9 | Deployment Guide Check box – A check box is displayed for the field. The check box label can be specifi
ClearPass Guest 3.9 | Deployment Guide Guest Management | 237Because an array value may not be stored directly in a custom field, you should use the
238 | Guest Management ClearPass Guest 3.9 | Deployment Guide How this works: Suppose the first two check boxes are selected (in this example, with ke
ClearPass Guest 3.9 | Deployment Guide Guest Management | 239 File upload – Displays a file selection text field and dialog box (the exact appearanc
24 | Management Overview ClearPass Guest 3.9 | Deployment Guide Reference Network DiagramThe following figure shows the network connections and protoc
240 | Guest Management ClearPass Guest 3.9 | Deployment Guide Password text field – The field is displayed as a text field, with input from the user
ClearPass Guest 3.9 | Deployment Guide Guest Management | 241The “Vertical” and “Horizontal” layout styles control whether the radio buttons are orga
242 | Guest Management ClearPass Guest 3.9 | Deployment Guide Static text (Raw value) – The field’s value is displayed as a non-editable text string
ClearPass Guest 3.9 | Deployment Guide Guest Management | 243 Static group heading – The label and description of the field is used to display a gro
244 | Guest Management ClearPass Guest 3.9 | Deployment Guide Text area – The field is displayed as a multiple-line text box. The text typed in this
ClearPass Guest 3.9 | Deployment Guide Guest Management | 245Form Validation PropertiesThe form va lidation properties control the validation of data
246 | Guest Management ClearPass Guest 3.9 | Deployment Guide Validation errors are displayed to the user by highlighting the field(s) that are in err
ClearPass Guest 3.9 | Deployment Guide Guest Management | 247With these validator settings, users that enter an invalid value will now receive a vali
248 | Guest Management ClearPass Guest 3.9 | Deployment Guide Note that the regular expression used here includes beginning and ending delimiters (in
ClearPass Guest 3.9 | Deployment Guide Guest Management | 249For pre-registered guest accounts, some fields may be completed during pre-registration
ClearPass Guest 3.9 | Deployment Guide Management Overview | 25Figure 3 Interactions involved in guest accessClearPass Guest is part of your network
250 | Guest Management ClearPass Guest 3.9 | Deployment Guide The Conversion step should be used when the type of data displayed in the user interface
ClearPass Guest 3.9 | Deployment Guide Guest Management | 251A comparison of these two approaches is shown below to illustrate the difference: When u
252 | Guest Management ClearPass Guest 3.9 | Deployment Guide Because of the scoping rules of JavaScript, all of the user interface elements that make
ClearPass Guest 3.9 | Deployment Guide Guest Management | 253column are also shown in the list view. Values displayed in italics are default values d
254 | Guest Management ClearPass Guest 3.9 | Deployment Guide The Column Format may be used to specify how the field’s value should be displayed. You
ClearPass Guest 3.9 | Deployment Guide Guest Management | 255This process is shown as follows. See Figure 30.Figure 30 Sequence diagram for guest se
256 | Guest Management ClearPass Guest 3.9 | Deployment Guide The Register Page is the name of a page that does not already exist. There are no spaces
ClearPass Guest 3.9 | Deployment Guide Guest Management | 257Figure 31 Guest self-registration process.A guest self-registration page consists of ma
258 | Guest Management ClearPass Guest 3.9 | Deployment Guide Using a Parent PageTo use the settings from a previously configured self-registration pa
ClearPass Guest 3.9 | Deployment Guide Guest Management | 259The Allowed Access and Denied Access fields are access control lists that determine if
26 | Management Overview ClearPass Guest 3.9 | Deployment Guide Figure 4 Sequence diagram for network access using AAAIn the standard AAA framework,
260 | Guest Management ClearPass Guest 3.9 | Deployment Guide Template code for the title, header, and footer may be specified. See “Smarty Template
ClearPass Guest 3.9 | Deployment Guide Guest Management | 261Editing Guest Receipt Page PropertiesClick the Receipt Page link or one of the Title, He
262 | Guest Management ClearPass Guest 3.9 | Deployment Guide Editing Receipt ActionsClick the Actions link to edit the actions that are available o
ClearPass Guest 3.9 | Deployment Guide Guest Management | 263The Receipt Actions form opens. 3. In the Sponsorship Confirmation area at the bottom of
264 | Guest Management ClearPass Guest 3.9 | Deployment Guide The Guest Registration login page is displayed as the guest would see it. When a guest c
ClearPass Guest 3.9 | Deployment Guide Guest Management | 265When email delivery is enabled, the following options are available to control email del
266 | Guest Management ClearPass Guest 3.9 | Deployment Guide These options under Enabled are available to control delivery of SMS receipts: Disable
ClearPass Guest 3.9 | Deployment Guide Guest Management | 267If automatic guest login is not enabled, the submit button on the receipt page will not
268 | Guest Management ClearPass Guest 3.9 | Deployment Guide The login page consists of two separate parts: the login form page, and a login message
ClearPass Guest 3.9 | Deployment Guide Guest Management | 269The self-service portal is accessed through a separate link that must be published to gu
ClearPass Guest 3.9 | Deployment Guide Management Overview | 27Key FeaturesRefer to the table below for a list of key features and a cross-reference
270 | Guest Management ClearPass Guest 3.9 | Deployment Guide session (that is, the guest’s HTTP client address is the same as the RADIUS Framed-IP-Ad
ClearPass Guest 3.9 | Deployment Guide Guest Management | 271Next, enable the “Required Field” option in the Self-Service Portal properties. Setting
272 | Guest Management ClearPass Guest 3.9 | Deployment Guide Plain text print templates may be used with SMS services to send guest account receipts;
ClearPass Guest 3.9 | Deployment Guide Guest Management | 273 Your guest account has been updated.</p>{elseif $action == "delete"}{/i
274 | Guest Management ClearPass Guest 3.9 | Deployment Guide Use the Remove, Move Up, Move Down, Insert Before, and Insert After links to adj
ClearPass Guest 3.9 | Deployment Guide Guest Management | 275Select one of the following entities in the Entity drop-down list: Operator Profiles –
276 | Guest Management ClearPass Guest 3.9 | Deployment Guide Customize Random Username and PasswordsIn this example we will set the random usernames
ClearPass Guest 3.9 | Deployment Guide Guest Management | 277 <th class="nwaLeft">Error</th><td class="nwaBody"&
278 | Guest Management ClearPass Guest 3.9 | Deployment Guide 4. Click Save Changes to save your settings. Once the field is enabled or inserted, yo
ClearPass Guest 3.9 | Deployment Guide Guest Management | 2794. Confirm that the accounts settings are as you expected with respect to letters and di
28 | Management Overview ClearPass Guest 3.9 | Deployment Guide Visitor Account FeaturesIndependent activation time, expiration time, and maximum usag
280 | Guest Management ClearPass Guest 3.9 | Deployment Guide Administrator > Plugin Manager > Manage Plugins and click the Configuration link f
ClearPass Guest 3.9 | Deployment Guide Guest Management | 281All devices created by one of methods described in the following section are listed. Opt
282 | Guest Management ClearPass Guest 3.9 | Deployment Guide 1. In the Account Expiration row, choose one of the options in the drop-down list to set
ClearPass Guest 3.9 | Deployment Guide Guest Management | 283Activating a Device To activate a disabled device’s account, click the device’s row in t
284 | Guest Management ClearPass Guest 3.9 | Deployment Guide 2. If you need to change the activation time, choose one of the options in the Account A
ClearPass Guest 3.9 | Deployment Guide Guest Management | 285Viewing Current Sessions for a DeviceTo view any sessions that are currently active for
286 | Guest Management ClearPass Guest 3.9 | Deployment Guide 1. In the Sponsor’s Name row, enter the name of the person sponsoring the visitor accoun
ClearPass Guest 3.9 | Deployment Guide Guest Management | 2875. To set the account’s expiration time, choose one of the options in the Account Expira
288 | Guest Management ClearPass Guest 3.9 | Deployment Guide Figure 34 Modify fieldsEdit the receipt form fields: Edit username to be a Hidden fie
ClearPass Guest 3.9 | Deployment Guide Guest Management | 289 UI: Hidden field Field Required: optional Validator: IsValidMacAddress Add or en
ClearPass Guest 3.9 | Deployment Guide Management Overview | 29Visitor Management TerminologyThe following tables describes the common terms used in
290 | Guest Management ClearPass Guest 3.9 | Deployment Guide && NwaDynamicLoad('NwaNormalizeMacAddress') // Required call &&am
ClearPass Guest 3.9 | Deployment Guide Guest Management | 291Figure 35 RADIUS Role EditorNote that modify_expire_time supports any valid syntax of s
292 | Guest Management ClearPass Guest 3.9 | Deployment Guide Automatically Registering MAC Devices in ClearPass Policy Manager If ClearPass Policy Ma
ClearPass Guest 3.9 | Deployment Guide Guest Management | 293Any of the other standard fields can be added similar to importing regular guests. Advan
294 | Guest Management ClearPass Guest 3.9 | Deployment Guide For debugging purposes, include the following to see all the fields available: {dump var
ClearPass Guest 3.9 | Deployment Guide Guest Management | 295 On the Manage Multiple Sessions form, the start time of each session is used to select
296 | Guest Management ClearPass Guest 3.9 | Deployment Guide traffic, the session is considered ‘stale’ and is not counted towards the active session
ClearPass Guest 3.9 | Deployment Guide Guest Management | 297You may enter a simple substring to match a portion of the username or any other fields
298 | Guest Management ClearPass Guest 3.9 | Deployment Guide 1. To close all stale sessions at a certain time, mark the Close Open Sessions radio but
ClearPass Guest 3.9 | Deployment Guide Guest Management | 299 To set a specific date and time, choose Specify a fixed end time from the drop-down li
ClearPass Guest 3.9 | Deployment Guide | 3ContentsChapter 1 ClearPass Guest ...
30 | Management Overview ClearPass Guest 3.9 | Deployment Guide Deployment ProcessAs part of your preparations for deploying a visitor management solu
300 | Guest Management ClearPass Guest 3.9 | Deployment Guide calendar picker. In the calendar, use the arrows to select the year and month, click the
ClearPass Guest 3.9 | Deployment Guide Guest Management | 3012. Use the Start Time row to indicate the beginning of the time range for selecting sess
302 | Guest Management ClearPass Guest 3.9 | Deployment Guide 2. Use the filter to specify the group of addresses that should receive the message. See
ClearPass Guest 3.9 | Deployment Guide Guest Management | 303In the SMS Gateway field, if you choose Custom HTTP Handler from the drop-down list, you
304 | Guest Management ClearPass Guest 3.9 | Deployment Guide If your country uses a national dialing prefix such as “0”, you may enter this on the fo
ClearPass Guest 3.9 | Deployment Guide Guest Management | 305.Complete the form by typing in the SMS message and entering the mobile phone number tha
306 | Guest Management ClearPass Guest 3.9 | Deployment Guide ClearPass Guest may be configured to automatically send SMS receipts to visitors, or to
ClearPass Guest 3.9 | Deployment Guide Guest Management | 307Figure 36 Configure SMS Services PluginSMS Receipt – Select the print template to be us
308 | Guest Management ClearPass Guest 3.9 | Deployment Guide Auto-Send Field – Select a guest account field which, if set to a non-empty string or
ClearPass Guest 3.9 | Deployment Guide Guest Management | 309Figure 37 Customize SMS Receipt pageSMS Receipt FieldsThe behavior of SMS receipt opera
ClearPass Guest 3.9 | Deployment Guide Management Overview | 31Site Preparation Checklist The following is a checklist of the items that should be co
310 | Guest Management ClearPass Guest 3.9 | Deployment Guide values “_Disabled” and “_Enabled” may be used to never send an SMS or always send an SMS
ClearPass Guest 3.9 | Deployment Guide Guest Management | 311Email receipts may be sent manually by clicking the Send email receipt link displayed
312 | Guest Management ClearPass Guest 3.9 | Deployment Guide Email Receipt OptionsThe Customize Email Receipt form may be used to set default options
ClearPass Guest 3.9 | Deployment Guide Guest Management | 313 Always send using ‘cc:’ – The Copies To list is always sent a copy of any guest accoun
314 | Guest Management ClearPass Guest 3.9 | Deployment Guide SMTP Receipt Fields The behavior of email receipt operations can be customized with cert
ClearPass Guest 3.9 | Deployment Guide Guest Management | 315 smtp_warn_before_template_id – This field overrides the print template ID specified un
316 | Guest Management ClearPass Guest 3.9 | Deployment Guide
ClearPass Guest 3.9 | Deployment Guide Report Management | 317Chapter 8Report ManagementThe Reporting Manager provides you with a set of tools to sum
318 | Report Management ClearPass Guest 3.9 | Deployment Guide Number of sessions per NAS – This report shows the total number of sessions per NAS in
ClearPass Guest 3.9 | Deployment Guide Report Management | 319RunThe Run option allows you to change the date range of the report before it is run. C
32 | Management Overview ClearPass Guest 3.9 | Deployment Guide
320 | Report Management ClearPass Guest 3.9 | Deployment GuideThe Report Type editor allows you to change the defaults for the Date Range and the Form
ClearPass Guest 3.9 | Deployment Guide Report Management | 321 Visible-only access – the report is visible in the list. It can be viewed in HTML but
322 | Report Management ClearPass Guest 3.9 | Deployment GuideExporting Report DefinitionsReport definitions may be exported to a file and later impor
ClearPass Guest 3.9 | Deployment Guide Report Management | 323Importing report DefinitionsReport definitions may be imported from a file that has been
324 | Report Management ClearPass Guest 3.9 | Deployment GuideAbout Custom ReportsThe Report Editor is used to build a custom report. The process used
ClearPass Guest 3.9 | Deployment Guide Report Management | 325Data SourcesThe available data sources are: Local RADIUS Accounting – Accounting traffi
326 | Report Management ClearPass Guest 3.9 | Deployment GuideFigure 42 Reporting – Bin west of GMTThe next diagram is similar but for time zones tha
ClearPass Guest 3.9 | Deployment Guide Report Management | 327Group classifications may be created using the report editor. See “Groups” in this cha
328 | Report Management ClearPass Guest 3.9 | Deployment GuideFigure 46 Components of the Report EditorReport Type
ClearPass Guest 3.9 | Deployment Guide Report Management | 329The Report Type link opens a window where you type a distinct name or Title for the repo
ClearPass Guest 3.9 | Deployment Guide Setup Guide | 33Chapter 3Setup GuideThis section covers the initial deployment and configuration of ClearPass G
330 | Report Management ClearPass Guest 3.9 | Deployment Guide Properties for classification methods (bin size and offset) Properties for output ser
ClearPass Guest 3.9 | Deployment Guide Report Management | 331Parameter User Interface EditingThe Edit Parameter form is used to specify the default v
332 | Report Management ClearPass Guest 3.9 | Deployment GuideThe initial value displayed on this form for a report parameter may be specified as the
ClearPass Guest 3.9 | Deployment Guide Report Management | 333Click the Save Changes button to return to the Report Editor.Select FieldsIf you have
334 | Report Management ClearPass Guest 3.9 | Deployment GuideEach source field has a name that is unique within the report. You can also attach a des
ClearPass Guest 3.9 | Deployment Guide Report Management | 335If you select to calculate a value by summing over source fields, you are required to no
336 | Report Management ClearPass Guest 3.9 | Deployment GuideTo add additional filters, click the first source filter. An action row is displayed wit
ClearPass Guest 3.9 | Deployment Guide Report Management | 337You must then select the filter from the Filter Type drop down list. The following optio
338 | Report Management ClearPass Guest 3.9 | Deployment GuideTo create a bin or a classification group, click the Create Classifier tab in the Edit
ClearPass Guest 3.9 | Deployment Guide Report Management | 339 Time measurement: bin by days – See “Binning Example – Time Measurements” in this ch
34 | Setup Guide ClearPass Guest 3.9 | Deployment Guide Setting Up the Virtual Appliance VMware Workstation or VMware Player The virtual appliance is
340 | Report Management ClearPass Guest 3.9 | Deployment GuideLike the statistic fields, metrics share a close relationship with the report’s classifi
ClearPass Guest 3.9 | Deployment Guide Report Management | 341 Median value – the median (middle) value of the source field over the selected classif
342 | Report Management ClearPass Guest 3.9 | Deployment Guide Number of distinct values – the number of distinct values that the statistic field tak
ClearPass Guest 3.9 | Deployment Guide Report Management | 343You are required to enter a unique name for this output series. You must also select the
344 | Report Management ClearPass Guest 3.9 | Deployment GuideTo edit an output series field, click the Edit link for the field. The Edit Series fi
ClearPass Guest 3.9 | Deployment Guide Report Management | 345 Match filters check if a value matches a particular condition, which could be a regula
346 | Report Management ClearPass Guest 3.9 | Deployment Guide Unconditionally exclude item if filter matches – If the filter matches the item in the
ClearPass Guest 3.9 | Deployment Guide Report Management | 347 Scatter PolarIn general, the first field in the output series is used as the category
348 | Report Management ClearPass Guest 3.9 | Deployment GuideThis standard header includes the report title, the time at which the report was run, an
ClearPass Guest 3.9 | Deployment Guide Report Management | 349Creating the Report – Step 1 The following form will be displayed when the Create New Re
ClearPass Guest 3.9 | Deployment Guide Setup Guide | 35The configuration for the virtual machine includes one virtual Ethernet adapter. The initial n
350 | Report Management ClearPass Guest 3.9 | Deployment GuideCreating Sample Reports Report Based on Modifying an Existing ReportThis sample involves
ClearPass Guest 3.9 | Deployment Guide Report Management | 351Report Created from Report Manager using Create New ReportTo create a report that lists
352 | Report Management ClearPass Guest 3.9 | Deployment Guide6. Select the required fields in Step 2. For this report the fields are shown in the scr
ClearPass Guest 3.9 | Deployment Guide Report Management | 3539. You can continue to further enhance this report using the Report Editor. To change th
354 | Report Management ClearPass Guest 3.9 | Deployment Guide11. The Source Field will be changed to nas_ip_address, as this report is to calculate t
ClearPass Guest 3.9 | Deployment Guide Report Management | 35520. Click the Back to report editor link to return to the Report Editor.21. As there a
356 | Report Management ClearPass Guest 3.9 | Deployment Guide 0 => /* group 0 */ array ( 'a' => /* group value: &apo
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 357Chapter 9Administrator TasksThe Administrator module provides tools used by a network
358 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Configuring Integration with Other ClearPass Servers The Administrator module lets yo
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 3593. To configure integration with ClearPass Profiler, mark the Enable Profiling check b
36 | Setup Guide ClearPass Guest 3.9 | Deployment Guide Console User Interface FunctionsWhen you log in to the console user interface, the following m
360 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Automatic Network Diagnostics When you view or edit the appliance’s network configura
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 361Viewing or Setting System Hostname The system hostname is a fully-qualified domain nam
362 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Edit – Change the configuration of a network interface, including IP address, DNS
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 363 To specify an IP address for the network interface, select Manually configure IP add
364 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Click the Save Changes button to update the network interface with the specified se
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 365Managing Static RoutesIn the Network Interfaces list view, click the network interface
366 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Figure 47 Network diagram showing IP addressing for a GRE tunnel To create a GRE tun
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 367Use the Create a VLAN interface link to create a new network interface with a specif
368 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide VLAN interfaces are distinguished from other network interfaces with blue icons. The
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 369Secondary network interfaces have the same name as the underlying physical interface,
ClearPass Guest 3.9 | Deployment Guide Setup Guide | 37Accessing the Graphical User InterfaceAfter you start ClearPass Guest, the initial startup scr
370 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide The ‘Deny Behavior’ drop-down list may be used to specify the action to take when acc
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 371Select a diagnostic from the drop-down list. Depending on the diagnostic you have sele
372 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide form. Additional RADIUS attributes may also be included by adding Attribute-Name = V
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 373Select the network interface and, if required, enter filtering parameters to restrict
374 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Once the packet capture has completed, the status is updated, and a link to Downloa
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 375The fields on each line are separated by any number of blanks or tab characters. Any
376 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide The SNMP Setup form is used to configure the system’s SNMP server and enable SNMP acc
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 377SNMP version 2c has only one configuration option, which is the name of the community
378 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide SNMP-VIEW-BASED-ACM-MIB TCP-MIB UCD-DISKIO-MIB UCD-DLMOD-MIB UCD-SNMP-MIB UDP-
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 379The From Address must be specified. This is the sender of the email and will be visibl
38 | Setup Guide ClearPass Guest 3.9 | Deployment Guide Accepting the ClearPass Guest License Agreement The first time you log in, you are prompted to
380 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide A completed sample certificate request is shown below.Click the Create Certificate
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 381The process for installing an SSL certificate has been simplified. In the first step,
382 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide To resolve this error, first check that you have provided the correct intermediate ce
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 383Backup and RestoreClick the Backup & Restore command link on the Administrator sta
384 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Server Configuration), you can select to back up the entire area or only a particular
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 385You are able to select either a complete or custom backup to run on the schedule. The
386 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide proxy*: proxy related arguments quote=CMD: send custom command to FTP server requ
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 387restore, be sure to select the appropriate items by clicking the tick icon for each co
388 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide server. To access the Content Manager, click the Content Manager command link on the
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 389Downloading ContentTo download a file from the Internet for use in ClearPass Guest, cl
ClearPass Guest 3.9 | Deployment Guide Setup Guide | 39To create a new password for the administrator account: 1. (Optional) For enhanced security, y
390 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Performing a Security AuditUse the Check Security command link on the Administrator &
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 391attention. Use the Disable Check link to prevent the security audit from raising warn
392 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide 1. To configure notifications, go to Administrator > Notifications. The Configure
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 393Determining Installed Operating System PackagesUse the Advanced view of the System Inf
394 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide clusters after the plugins are updated. Please see Destroying a Cluster and Cluster S
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 395Plugins cannot be disabled or removed if other enabled plugins are dependent on them.
396 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide The default view of the Add New Plugins page lists all available updates and plugins
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 397To undo any changes to the plugin’s configuration, click the plugin’sRestore default
398 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide 1. To change the application’s title, enter the new name in the Application Title fie
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 3992. The default navigation layout is “expanded.” To change the behavior of the navigati
4 | ClearPass Guest 3.9 | Deployment GuideConfiguring the ClearPass Guest Subscription ID...45Installing Subscrip
40 | Setup Guide ClearPass Guest 3.9 | Deployment Guide 2. In the Hostname field, enter the new name. A valid hostname is a domain name that contains
400 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide To ensure that authentication, authorization, and accounting (AAA) is performed corre
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 401System ControlThe System Control commands on the Administrator > System Control pag
402 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide 5—Notice: normal but significant condition 6—Informational: informational messages
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 403Facility: Redirecting Application Log Messages To redirect log messages from the appli
404 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide For high-traffic sites that are maintaining many weeks of log files, enter a non-zero
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 405Figure 48 Data Retention Policy pageSelect Enable to enable the the data retention po
406 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Changing Database Configuration ParametersThe Database Configuration form allows you
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 407Changing Web Application ConfigurationCertain performance and security options may be
408 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Changing Web Server ConfigurationHigh-traffic deployments may need to adjust certain
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 409This report can be downloaded for support purposes.Adding Disk SpaceStorage capacity c
ClearPass Guest 3.9 | Deployment Guide Setup Guide | 41ClearPass Guest must be configured appropriately for your organization’s relevant network infr
410 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide .
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 411System LogThe system log viewer available on the Support > System Logs page displa
412 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Use the Filter tab to control advanced filtering settings, such as which logs to se
ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 413Searching the Application LogYou are able to search for particular log records using t
414 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide
ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 415Chapter 10Hotspot ManagerThe Hotspot Manager controls self provisioned guest or visitor ac
416 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide Manage Hotspot Sign-upYou can enable visitor access self provisioning by navigating to Cu
ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 417The Require HTTPS field, when enabled, redirects guests to an HTTPS connection for greate
418 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide You can customize which plans are available for selection, and any of the details of a pl
ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 419Creating New PlansCustom hotspot plans are added by clicking the Create Hotspot plan bu
42 | Setup Guide ClearPass Guest 3.9 | Deployment Guide Configuring SMTP Mail Settings To configure SMTP settings: 1. Go to Administrator > Network
420 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide eWAY Netregistry Paypal WorldPayClearPass Guest also includes a Demo transaction pro
ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 421You can customize the title shown on the invoice and how the invoice number is created. Y
422 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide Customize Page OnePage one of the guest self-provisioning process requires that the guest
ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 423
424 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide See “Smarty Template Syntax” in the Reference chapter for details about the template sy
ClearPass Guest 3.9 | Deployment Guide High Availability Services | 425Chapter 11High Availability ServicesThe goal of a highly available system is to
426 | High Availability Services ClearPass Guest 3.9 | Deployment Guide A cluster’s virtual IP address is a unique IP address that will always be assi
ClearPass Guest 3.9 | Deployment Guide High Availability Services | 427Deploying an SSL CertificateSpecial consideration needs to be given to deploym
428 | High Availability Services ClearPass Guest 3.9 | Deployment Guide Replicating the database contents ensures that in the event of a primary node
ClearPass Guest 3.9 | Deployment Guide High Availability Services | 429 SNMP server settings ( See “SNMP Configuration” in the Administrator Tasks
ClearPass Guest 3.9 | Deployment Guide Setup Guide | 432. For details on how to complete the SNMP configuration, see “SNMP Configuration” in the Admi
430 | High Availability Services ClearPass Guest 3.9 | Deployment Guide The cluster will continue operating without service interruption. Network serv
ClearPass Guest 3.9 | Deployment Guide High Availability Services | 431Cluster SetupBefore you begin, review this checklist to ensure you are prepare
432 | High Availability Services ClearPass Guest 3.9 | Deployment Guide Prepare Primary NodeUse the Cluster Configuration form to enter the basic netw
ClearPass Guest 3.9 | Deployment Guide High Availability Services | 433If you have not already set a unique hostname for this server, you can do so h
434 | High Availability Services ClearPass Guest 3.9 | Deployment Guide You must enter a shared secret for this cluster. The shared secret is used to
ClearPass Guest 3.9 | Deployment Guide High Availability Services | 435The Cluster Initialization form is displayed. Select the check box and click t
436 | High Availability Services ClearPass Guest 3.9 | Deployment Guide Cluster MaintenanceUse the Cluster Maintenance command link to access maintena
ClearPass Guest 3.9 | Deployment Guide High Availability Services | 4375. A progress meter is displayed while the cluster is recovered. The cluster’s
438 | High Availability Services ClearPass Guest 3.9 | Deployment Guide A similar procedure can be used to rebuild the cluster in the event of a secon
ClearPass Guest 3.9 | Deployment Guide High Availability Services | 439Immediately after the cluster is destroyed, both nodes will have the same data
44 | Setup Guide ClearPass Guest 3.9 | Deployment Guide To use a public NTP server, enter the following hostnames: 0.pool.ntp.org 1.pool.ntp.org 2.poo
440 | High Availability Services ClearPass Guest 3.9 | Deployment Guide
ClearPass Guest 3.9 | Deployment Guide Reference | 441Chapter 12ReferenceBasic HTML SyntaxClearPass Guest allows different parts of the user interface
442 | Reference ClearPass Guest 3.9 | Deployment Guide For more details about HTML syntax and detailed examples of its use, consult a HTML tutorial or
ClearPass Guest 3.9 | Deployment Guide Reference | 443Smarty Template SyntaxClearPass Guest’s user interface is built using the Smarty template engin
444 | Reference ClearPass Guest 3.9 | Deployment Guide CommentsTo remove text entirely from the template, comment it out with the Smarty syntax {* com
ClearPass Guest 3.9 | Deployment Guide Reference | 445 <!-- included if $collection is empty -->{/section}Note that the content after a {secti
446 | Reference ClearPass Guest 3.9 | Deployment Guide Predefined Template FunctionsTemplate functions are used to perform different kinds of processi
ClearPass Guest 3.9 | Deployment Guide Reference | 447 The “icon” parameter is the SRC to the image of the icon. This should normally be a relative
448 | Reference ClearPass Guest 3.9 | Deployment Guide The “icon” parameter, if specified, is the SRC to the image of the icon. This should normally
ClearPass Guest 3.9 | Deployment Guide Reference | 449Usage example:{nwa_radius_query _method=GetCallingStationTraffic callingstationid=$dhcp_lease.
ClearPass Guest 3.9 | Deployment Guide Setup Guide | 45To define the RADIUS network access servers: 1. In the Name field, enter a descriptive name to
450 | Reference ClearPass Guest 3.9 | Deployment Guide GetUserActiveSessions($username, $callingstationid = null) GetCurrentSession($criteria) Get
ClearPass Guest 3.9 | Deployment Guide Reference | 451nwa_makeid{nwa_makeid …}Smarty registered template function. Creates a unique identifier and as
452 | Reference ClearPass Guest 3.9 | Deployment Guide The “reset” parameter may be specified to clear any existing navigation settings.Usage example:
ClearPass Guest 3.9 | Deployment Guide Reference | 453 The ‘output’ parameter specifies the metadata field to returnIf ‘output’ is not specified, th
454 | Reference ClearPass Guest 3.9 | Deployment Guide Usage examples:{nwa_userpref name=prefName}{nwa_userpref name=prefName default=10}{nwa_userpref
ClearPass Guest 3.9 | Deployment Guide Reference | 455The full list of special formats is: The % items on the right hand side are the same as those s
456 | Reference ClearPass Guest 3.9 | Deployment Guide Date/Time Format String Reference Table 43 Date and Time Format StringsFormat Result%a Abbrevi
ClearPass Guest 3.9 | Deployment Guide Reference | 457Programmer’s ReferenceNwaAlnumPasswordNwaAlnumPassword($len)Generates an alpha-numeric password
458 | Reference ClearPass Guest 3.9 | Deployment Guide NwaDigitsPassword($len)NwaDigitsPassword($len)Generates digit-only passwords of at least $len c
ClearPass Guest 3.9 | Deployment Guide Reference | 459Formats a monetary amount for display purposes. The current page language is used to adjust fo
46 | Setup Guide ClearPass Guest 3.9 | Deployment Guide To provide your subscription information: 1. In the Subscription ID field, enter your subscrip
460 | Reference ClearPass Guest 3.9 | Deployment Guide See “NwaParseCsv” and “NwaVLookup”.NwaParseXmlNwaParseXml($xml_text)Parses a string as an XM
ClearPass Guest 3.9 | Deployment Guide Reference | 461NwaVLookupNwaVLookup($value, $table, $column_index, $range_lookup = true, $value_column = 0, $c
462 | Reference ClearPass Guest 3.9 | Deployment Guide Table 46 GuestManager Standard FieldsField Descriptionaccount_activation String. The current
ClearPass Guest 3.9 | Deployment Guide Reference | 463do_expire Integer that specifies the action to take when the expire time of the account is rea
464 | Reference ClearPass Guest 3.9 | Deployment Guide expire_time Integer. Time at which the account will expire. The expiration time should be spec
ClearPass Guest 3.9 | Deployment Guide Reference | 465modify_expire_usage String. Value indicating how to modify the expire_usage field. This field i
466 | Reference ClearPass Guest 3.9 | Deployment Guide netmask String. Network address mask to use for stations using the account. This field may be
ClearPass Guest 3.9 | Deployment Guide Reference | 467password_last_change Integer. The time that the guest’s password was last changed. The password
468 | Reference ClearPass Guest 3.9 | Deployment Guide random_username_method String. Identifier specifying how usernames are to be created. It may be
ClearPass Guest 3.9 | Deployment Guide Reference | 469Hotspot Standard FieldsThe table below describes standard fields available for the Hotspot form
ClearPass Guest 3.9 | Deployment Guide Setup Guide | 47To install the default selections: You do not need to make any selections; the system has al
470 | Reference ClearPass Guest 3.9 | Deployment Guide SMS Services Standard FieldsThe table below describes standard fields available for the SMS Ser
ClearPass Guest 3.9 | Deployment Guide Reference | 471Table 49 SMPT Services Standard FieldsField Descriptionauto_send_smtp Boolean. Flag indicatin
472 | Reference ClearPass Guest 3.9 | Deployment Guide Format Picture String SymbolsWhen generating a username or password using the nwa_picture_passw
ClearPass Guest 3.9 | Deployment Guide Reference | 473Any other alphanumeric characters in the picture string will be used in the resulting username
474 | Reference ClearPass Guest 3.9 | Deployment Guide 'corp-domain.com', 'other-domain.com', ), 'deny' => a
ClearPass Guest 3.9 | Deployment Guide Reference | 475 username – specifies the name of the field containing the username. If empty or unset, the pa
476 | Reference ClearPass Guest 3.9 | Deployment Guide NwaConvertOptionalInt – Converts a string representation of an integer to the equivalent inte
ClearPass Guest 3.9 | Deployment Guide Reference | 477NwaDateFormat Format a date like the PHP function strftime(), using the argument as the date f
478 | Reference ClearPass Guest 3.9 | Deployment Guide View Display Expression Technical ReferenceA page that contains a view is displayed in an opera
ClearPass Guest 3.9 | Deployment Guide Reference | 479Standard RADIUS Request FunctionsThese functions are available for use in condition expressions
48 | Setup Guide ClearPass Guest 3.9 | Deployment Guide Operator logins are the login accounts used for administration and management of ClearPass Gue
480 | Reference ClearPass Guest 3.9 | Deployment Guide If the expression evaluates to true, the AccessReject() will cause authorization to be refused.
ClearPass Guest 3.9 | Deployment Guide Reference | 481MacEqual()MacEqual($addr1, $addr2)Compares two MAC addresses for equality, using their canonica
482 | Reference ClearPass Guest 3.9 | Deployment Guide If $to_time is specified, the interval considered is between $from_time and $to_time.Returns th
ClearPass Guest 3.9 | Deployment Guide Reference | 483 Another way to limit the past 30 days downloads to 100 MB:return GetUserTraffic($now - 86400*
484 | Reference ClearPass Guest 3.9 | Deployment Guide GetCallingStationSessions()GetCallingStationSessions($from_time, $to_time = null, $mac_format =
ClearPass Guest 3.9 | Deployment Guide Reference | 485 'acctsessionid' => '4a762dbf00000002', 'acctuniqueid' =>
486 | Reference ClearPass Guest 3.9 | Deployment Guide See “GetCurrentSession()” for details of the return value.GetUserStationCount()GetUserStation
ClearPass Guest 3.9 | Deployment Guide Reference | 487Example:Use the following as a conditional expression for an attribute. If the user's traf
488 | Reference ClearPass Guest 3.9 | Deployment Guide listen.type = not set Type of packets to listen for. Allowed values are “auth” for authenticati
ClearPass Guest 3.9 | Deployment Guide Reference | 489Security Configuration Proxy Configuration Table 57 Security Configuration SettingsValue Descr
ClearPass Guest 3.9 | Deployment Guide Onboard | 49Chapter 4OnboardOnboarding is the process of preparing a device for use on an enterprise network by
490 | Reference ClearPass Guest 3.9 | Deployment Guide SNMP Query ConfigurationThe SNMP query configuration value is snmp = no. To enable SNMP queryin
ClearPass Guest 3.9 | Deployment Guide Reference | 491Authentication Module Configuration thread.max_requests_per_server = 0 Set the maximum number o
492 | Reference ClearPass Guest 3.9 | Deployment Guide Database Module Configuration EAP Module ConfigurationSet the advanced.eap = 1 option to enable
ClearPass Guest 3.9 | Deployment Guide Reference | 493The following EAP module options are usually not required, as EAP configuration can be performe
494 | Reference ClearPass Guest 3.9 | Deployment Guide module.eap_tls = no Enables EAP-TLS module.The following functions onfigure digital certificate
ClearPass Guest 3.9 | Deployment Guide Reference | 495LDAP Module ConfigurationThe following LDAP module options are usually not required, as LDAP se
496 | Reference ClearPass Guest 3.9 | Deployment Guide ldap.password_attribute = “nspmPassword” To support Novell eDirectory Universal Password, this
ClearPass Guest 3.9 | Deployment Guide Reference | 497ldap.tls_certfile = not set The PEM Encoded certificate file that should be presented to client
498 | Reference ClearPass Guest 3.9 | Deployment Guide Rewrite Module ConfigurationThe attr_rewrite module can be used to perform pattern matching and
ClearPass Guest 3.9 | Deployment Guide Reference | 499List of Standard Radius AttributesAuthentication AttributesThese are the attributes the NAS use
ClearPass Guest 3.9 | Deployment Guide | 5Configuring Provisioning Settings ...89C
50 |Onboard ClearPass Guest 3.9 | Deployment Guide Configure SSL certificate for the Onboard provisioning server.A commercial SSL certificate is requi
500 | Reference ClearPass Guest 3.9 | Deployment Guide Service-Type: This attribute indicates the type of service the user has requested, or the typ
ClearPass Guest 3.9 | Deployment Guide Reference | 501 Acct-Terminate-Cause: This attribute indicates how the session was terminated, and can only b
502 | Reference ClearPass Guest 3.9 | Deployment Guide The regular expression syntax used is Perl-compatible. For further details on writing regular e
ClearPass Guest 3.9 | Deployment Guide Glossary | 503Chapter 13Glossary802.1X IEEE standard for port-based network access control. Access-Accept Respo
504 |Glossary ClearPass Guest 3.9 | Deployment Guide in the certificate (only the certificate authority can create valid certificates). Disconnect-Ack
ClearPass Guest 3.9 | Deployment Guide Glossary | 505operator profile Characteristics assigned to a class of operators, such as the permissions grant
506 |Glossary ClearPass Guest 3.9 | Deployment Guide sponsor See operator. TLS See EAP-TLS. trust chain Sequence of certificates, starting at a truste
ClearPass Guest 3.9 | Deployment Guide Index | 507 IndexNumerics802.1Q VLAN...367802.1X ...
508 |Index ClearPass Guest 3.9 | Deployment Guide RADIUS server, importing...151RADIUS server, installing...
ClearPass Guest 3.9 | Deployment Guide Index | 509debuggingAAA debug... 114, 116RADIUS server ...
ClearPass Guest 3.9 | Deployment Guide Onboard | 51Onboard Feature List The following features are available in ClearPass Onboard. Supported Platform
510 |Index ClearPass Guest 3.9 | Deployment Guide email... 225, 463enabled ...
ClearPass Guest 3.9 | Deployment Guide Index | 511Value conversion...250Value formatter ...
512 |Index ClearPass Guest 3.9 | Deployment Guide Primary failure ...429Rebuild cluster ...
ClearPass Guest 3.9 | Deployment Guide Index | 513Subtract ...342Sum...
514 |Index ClearPass Guest 3.9 | Deployment Guide passwordresetting ...212Password Authentica
ClearPass Guest 3.9 | Deployment Guide Index | 515Report editorChart presentations ...346Classification groups
516 |Index ClearPass Guest 3.9 | Deployment Guide sequence diagramAAA ...26guest sel
ClearPass Guest 3.9 | Deployment Guide Index | 517translation rules ...196troubleshooting ...
518 |Index ClearPass Guest 3.9 | Deployment Guide
52 |Onboard ClearPass Guest 3.9 | Deployment Guide Note 1: Uses the “Over-the-air provisioning” method.Note 2: Uses the “Onboard provisioning” metho
ClearPass Guest 3.9 | Deployment Guide Onboard | 53Figure 6 Relationship of Certificates in the Onboard Public Key Infrastructure The root certifica
54 |Onboard ClearPass Guest 3.9 | Deployment Guide To disable network access for a device, revoke the TLS client certificate provisioned to the device
ClearPass Guest 3.9 | Deployment Guide Onboard | 55Network Requirements for OnboardFor complete functionality to be achieved, ClearPass Onboard has c
56 |Onboard ClearPass Guest 3.9 | Deployment Guide For example, if the Onboard server’s hostname is onboard.example.com, the OCSP URL to use is: http:
ClearPass Guest 3.9 | Deployment Guide Onboard | 57Figure 8 Detailed View of the ClearPass Onboard Network Architecture The components shown in Figu
58 |Onboard ClearPass Guest 3.9 | Deployment Guide Figure 9 ClearPass Onboard Network Architecture when Using ClearPass Guest The user experience for
ClearPass Guest 3.9 | Deployment Guide Onboard | 59Figure 10 ClearPass Onboard Process for iOS Devices The Onboard process is divided into three sta
6 | ClearPass Guest 3.9 | Deployment GuideNAS Login Parameters...135Using
60 |Onboard ClearPass Guest 3.9 | Deployment Guide Figure 11 Sequence Diagram for the Onboard Workflow on iOS Platform 1. When a BYOD device first jo
ClearPass Guest 3.9 | Deployment Guide Onboard | 61Figure 12 Over-the-Air Provisioning Workflow for iOS Platform 1. The only user interaction requir
62 |Onboard ClearPass Guest 3.9 | Deployment Guide Figure 13 ClearPass Onboard Process for Onboard-Capable Devices The Onboard process is divided int
ClearPass Guest 3.9 | Deployment Guide Onboard | 63Figure 14 Sequence Diagram for the Onboard Workflow on Android Platform 1. When a BYOD device fir
64 |Onboard ClearPass Guest 3.9 | Deployment Guide Figure 15 Onboard Provisioning Workflow in the QuickConnect App Accessing Onboard To access ClearP
ClearPass Guest 3.9 | Deployment Guide Onboard | 65After starting the provisioning process, users of iOS and OS X are prompted to accept a configurat
66 |Onboard ClearPass Guest 3.9 | Deployment Guide <br><strong>1.</strong> {nwa_iconlink icon
ClearPass Guest 3.9 | Deployment Guide Onboard | 67The first part of the form is used to specify the connection details for the ClearPass Policy Mana
68 |Onboard ClearPass Guest 3.9 | Deployment Guide Mark the Send device information to ClearPass Profiler check box when you will use Profiler to coll
ClearPass Guest 3.9 | Deployment Guide Onboard | 69 Determine the OCSP URL for the certificate authority View the trust chain for the certificate
ClearPass Guest 3.9 | Deployment Guide | 7Chapter 6 Operator Logins...
70 |Onboard ClearPass Guest 3.9 | Deployment Guide Select the appropriate mode for the certificate authority: Root CA – The Onboard certificate autho
ClearPass Guest 3.9 | Deployment Guide Onboard | 71In the Identity section of the form: Enter values in the Country, State, Locality, Organization,
72 |Onboard ClearPass Guest 3.9 | Deployment Guide In the Private Key section: Mark the Generate a new private key check box to create a new private
ClearPass Guest 3.9 | Deployment Guide Onboard | 73In the Identity section of the form: Enter values in the Country, State, Locality, Organization,
74 |Onboard ClearPass Guest 3.9 | Deployment Guide The Key Type drop-down list specifies the type of private key that should be created for the cert
ClearPass Guest 3.9 | Deployment Guide Onboard | 75Click the Request a Certificate link on this page. The Request a Certificate page is displayed.Cli
76 |Onboard ClearPass Guest 3.9 | Deployment Guide Copy and paste the certificate signing request text into the Saved Request text field.Because this
ClearPass Guest 3.9 | Deployment Guide Onboard | 77Installing a Certificate Authority’s CertificateThe CA Certificate Import page may be used to: Up
78 |Onboard ClearPass Guest 3.9 | Deployment Guide Choose the file to upload in the Certificate field.To upload a single certificate, choose a certifi
ClearPass Guest 3.9 | Deployment Guide Onboard | 79 Replacement Renewal – Generates a new private key for the root certificate, and reissues the roo
8 | ClearPass Guest 3.9 | Deployment GuideVisitor Account Expiration Properties...227Other Properties
80 |Onboard ClearPass Guest 3.9 | Deployment Guide Click the Show certificate link to view the properties of a certificate in the trust chain.Creatin
ClearPass Guest 3.9 | Deployment Guide Onboard | 81Specifying the Identity of the Certificate SubjectIn the first part of the form, provide the ident
82 |Onboard ClearPass Guest 3.9 | Deployment Guide Issuing the Certificate RequestMark the Issue this certificate immediately check box to automatical
ClearPass Guest 3.9 | Deployment Guide Onboard | 83Searching for CertificatesThe Filter field can be used to quickly search for a matching certificat
84 |Onboard ClearPass Guest 3.9 | Deployment Guide Use the Format drop-down list to select the format in which the certificate should be exported. The
ClearPass Guest 3.9 | Deployment Guide Onboard | 85Once the certificate has been revoked, future checks of the certificate’s validity using OCSP or C
86 |Onboard ClearPass Guest 3.9 | Deployment Guide Use the Format drop-down list to select the format in which the certificate signing request should
ClearPass Guest 3.9 | Deployment Guide Onboard | 87Mark the Reject this request check box to confirm that the certificate signing request should be r
88 |Onboard ClearPass Guest 3.9 | Deployment Guide Paste the text into the Certificate Signing Request text field. Be sure to include the complete blo
ClearPass Guest 3.9 | Deployment Guide Onboard | 89Use the Certificate Signing Request field to select the appropriate file for upload.Note: The file
ClearPass Guest 3.9 | Deployment Guide | 9MAC Authentication in ClearPass Guest...279MAC Addre
90 |Onboard ClearPass Guest 3.9 | Deployment Guide This page is used to configure the settings for ClearPass Onboard device provisioning, including:
ClearPass Guest 3.9 | Deployment Guide Onboard | 91The Certificate Authority drop-down list can be used to select a different certificate authority.
92 |Onboard ClearPass Guest 3.9 | Deployment Guide Mark the Include device information in TLS client certificates check box to include additional fiel
ClearPass Guest 3.9 | Deployment Guide Onboard | 93Configuring Provisioning Settings for iOS and OS XThe third part of the Device Provisioning Settin
94 |Onboard ClearPass Guest 3.9 | Deployment Guide Select one of the following options in the Profile Security drop-down list to control how a device
ClearPass Guest 3.9 | Deployment Guide Onboard | 95Mark the appropriate check boxes here to enable device provisioning on the respective platforms:
96 |Onboard ClearPass Guest 3.9 | Deployment Guide The Provisioning Access warning message is displayed when HTTPS is not required for guest access. H
ClearPass Guest 3.9 | Deployment Guide Onboard | 97Enter a number in the Maximum Devices field to limit the maximum number of devices that each user
98 |Onboard ClearPass Guest 3.9 | Deployment Guide The options available in the Network Type drop-down list are: Both — Wired and Wireless – Configur
ClearPass Guest 3.9 | Deployment Guide Onboard | 99Configuring 802.1X Authentication Network SettingsClick the Protocols tab to display the Enterpri
Comments to this Manuals